
Architecture Guide

Windows Azure

October 2012
Version 3.0

Disclaimer
This document is provided as-is. Information and views expressed in this document, including URL and other Internet website references, may
change without notice. You bear the risk of using it.
Some examples are for illustration only and are fictitious. No real association is intended or inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document
for your internal, reference purposes.
© 2012 Microsoft Corporation. All rights reserved.
Microsoft, the Microsoft logo, the Windows logo, Active Directory, ActiveSync, AppFabric, Bing, BizTalk, Excel, Hyper-V, InfoPath, Internet Explorer,
Office 365, Outlook, PerformancePoint, PowerPoint, SharePoint, SQL Azure, SQL Server, Visio, Visual Studio, Windows, Windows Azure, Windows
Intune, Windows Mobile, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries.
All other trademarks are property of their respective owners.

Contents
Overview
  Scope of This Guide
  Who Should Read This Guide
  How to Use This Guide
  Section Summaries

Customizing Your Solution
  Why Customize?
  The Customization Process
    Understand Your Priorities
    Choose a Starting Point
    Adjust the Optimization Mapping
    Adjust the Logical Architecture
    Design the Physical Architecture and Plan

Phase 1
  Envision the Solution
    Definition
    Optimization Mapping
    Technology Mapping
  Architect the Solution
    Logical Architecture
    Illustrative Physical Architecture
    System Components
  Plan Development and Deployment of the Solution

Phase 2
  Envision the Solution
    Definition
    Optimization Mapping
    Technology Mapping
  Architect the Solution
    Logical Architecture
    Illustrative Physical Architecture
    System Components
  Plan Development and Deployment of the Solution

Phase 3
  Envision the Solution
    Definition
    Optimization Mapping
    Technology Mapping
  Architect the Solution
    Logical Architecture
    Illustrative Physical Architecture
    System Components
  Plan Development and Deployment of the Solution


Overview
This section explains this document's scope and intended audience, describes how the audience should
use this document, and summarizes the key sections.

Scope of This Guide


This document helps the audience design a logical architecture for an enterprise platform that is based
on Microsoft technologies and that optimizes Windows Azure. It also contains references to other
documents that describe how to design a physical architecture and how to plan for developing and
deploying the designed platform.
The audience should use the information in this document in the context of business needs and
integrated capability requirements that the Microsoft Optimization solution area for Windows Azure
discusses. This solution area helps structure conversations with IT directors and executives to better
understand their business drivers and priorities, discuss potential business capabilities, and design and
deploy a robust enterprise platform that supports the solution.

Who Should Read This Guide


This document is for solution implementation team members who specify and plan an enterprise
platform that optimizes Windows Azure. Solution implementation team members typically include
business analysts, solution architects, platform architects, infrastructure architects, IT infrastructure
managers, and IT operations managers.

How to Use This Guide


This document provides useful information about an integrated capability analysis, which is a
structured process for validating the requirements, specifying the design, and planning to develop and
deploy an enterprise architecture.

Section Summaries
This document has four major sections:

Customizing Your Solution: This section provides an approach to use the remaining sections of
this document and other Optimization solution area materials to validate requirements, specify the
design, and plan to develop and deploy an enterprise architecture that meets your specific needs.

Phase 1: This section provides the definition; Optimization mapping; technology mapping; logical
architecture; illustrative physical architecture; system components; and references to plan, develop,
and deploy Phase 1.

Phase 2: This section provides the definition; Optimization mapping; technology mapping; logical
architecture; illustrative physical architecture; system components; and references to plan, develop,
and deploy Phase 2.

Phase 3: This section provides the definition; Optimization mapping; technology mapping; logical
architecture; illustrative physical architecture; system components; and references to plan, develop,
and deploy Phase 3.


Customizing Your Solution


This section provides an approach to use this document and other Optimization solution area materials
to validate requirements, specify the design, and plan to develop and deploy an enterprise architecture
that optimizes Windows Azure.

Why Customize?
This document and the other Optimization solution area materials define three illustrative solution
phases that increase in complexity and potential business value: Phase 1, Phase 2, and Phase 3. Each
solution phase specifies business capabilities that map to the Optimization maturity models,
architecture diagrams, and technologies.
The definitions of these three illustrative solutions are quite robust, so it is likely that no solution
exactly matches your particular needs because your business has:

Specific priorities of business drivers

Specific priorities of business capabilities

Existing architecture and initiatives in your environment

The Customization Process


You should use the solution phases as starting points in the following steps, which ensures a resulting
platform that is robust, agile, and manageable:
1. Understand your priorities.
2. Choose a starting point.
3. Adjust the Optimization mapping.
4. Adjust the logical architecture.
5. Design the physical architecture and plan.

Understand Your Priorities


The first step is to clearly understand, document, and baseline your priorities. You can use the Business
Priorities Guide for a solution area to discuss, capture, and baseline the relevance and priority of
specific business drivers and potential business capabilities.
Figure 1 illustrates an example where:

The business driver, Create high-impact sales proposals, is the first priority.

Red text emphasizes the compelling business capabilities that address the organization's specific
needs.


Figure 1 Example business priorities

Choose a Starting Point


Based on your priorities, Phase 2 is the starting point for this example because it is the least advanced
solution that covers the first priority business capability.

Adjust the Optimization Mapping


Review and adjust the Optimization mapping that corresponds to the starting-point solution. You can
remove capabilities that you do not need and change the maturity levels for the capabilities.
Figure 2 illustrates this process for the specific business capability priorities. In this figure:

Capability is needed
Capability is not needed
? Capability may not be relevant
* Capability that Phase 2 defines may not match the specific requirement for the customized solution


Figure 2 Adjusting your solution's Optimization mapping

Tips for adjusting your solution's Optimization mapping:

For capabilities that may not match the specific requirement for your customized solution (that is,
capabilities that are marked with an asterisk [*]):

Refer to the Optimization model definitions.

Consider using an alternate maturity level that corresponds to your requirements, as Figure 3
shows.

Remove items in a capability that you do not need.

Figure 3 Using an alternate maturity level


For capabilities that may not be relevant (that is, capabilities that are marked with a question mark
[?]):

Identify, document, and discuss how a capability might be relevant.

Identify the Core capabilities that may not be critically relevant, as Figure 4 shows.

Figure 4 Identifying a Core capability that is not critically relevant

Server Security helps protect and secure the server infrastructure at the data center from viruses,
spam, malware, and other intrusions.

Adjust the Logical Architecture


After you identify a stable set of business capabilities and corresponding required Optimization
capability maturity levels, you can adjust the technology mapping, logical architecture, and system
components of the starting-point solution phase to remove what you do not need.

Design the Physical Architecture and Plan


From the system components list that you adjusted, you can refer to the corresponding lists to design
a specific physical architecture that meets your needs and environment and to plan how to develop
and deploy your customized platform.


Phase 1
This section provides the definition; Optimization mapping; technology mapping; logical architecture;
illustrative physical architecture; system components; and references to plan, develop, and deploy
Phase 1.

Envision the Solution


This section provides the definition of Phase 1 and other useful information, such as starting points, to
help you envision your solution's definition, Optimization mapping, and technology mapping.

Definition
Phase 1 is a robust, enterprise-class deployment that addresses the following goals:

Addresses the most typical compelling business priorities.

Gets you using the new platform with high visibility, leading to positive return on investment.

The conceptual architecture diagram in Figure 5 represents the collective set of business capabilities
that Phase 1 includes.
Figure 5 Conceptual architecture diagram for Phase 1


This section describes the integrated capabilities of the Phase 1 solution. Organizations can use this
section to better understand which integrated capabilities they need to customize for the solution to
meet specific business needs.
Organizations that require a Phase 1 solution for Windows Azure need to manage their IT
infrastructure efficiently with minimal administrative overhead and focus on value-added services by
expanding their existing portfolio of applications and services. Organizations need to have highly
available, scalable, multitenant data services in the cloud to meet changing business needs on demand.
Organizations can help deliver on-demand computing and storage capabilities while ensuring a
familiar and consistent application development model. Organizations can better work with increasing
amounts of data from multiple locations and devices by linking existing on-premises data stores to
cloud-based storage services without compromising performance and achieving defined service-level
agreements. Organizations can provide more secure access to applications that are exposed over
Internet, firewall, domain, and network boundaries by building federated authorization into
applications.

Optimization Mapping
Figure 6 shows the Optimization mapping for Phase 1.
Figure 6 Optimization mapping for Phase 1


Technology Mapping
Phase 1 requires the following Microsoft technologies:

Client Technologies
Microsoft Office 2007 / 2010

Microsoft Office Outlook 2007 / Microsoft Outlook 2010, Microsoft Office Word 2007 /
Microsoft Word 2010, Microsoft Office Excel 2007 / Microsoft Excel 2010, Microsoft Office
PowerPoint 2007 / Microsoft PowerPoint 2010

Microsoft Office Visio 2007 / Microsoft Visio 2010

Microsoft Office Project 2007 / Microsoft Project 2010

Microsoft Forefront Endpoint Protection 2010 / Microsoft System Center 2012 Endpoint
Protection

Windows 7 / 8

Server Technologies
Microsoft SQL Server 2008 R2 / 2012

Microsoft Server Security

Microsoft Internet Security and Acceleration Server 2006 / Microsoft Forefront Threat
Management Gateway 2010

Microsoft Intelligent Application Gateway 2007 / Microsoft Forefront Unified Access Gateway
2010

Microsoft Forefront Identity Manager 2010 / 2010 R2

Microsoft Windows Server 2008 R2 / 2012

Microsoft System Center

Microsoft System Center Operations Manager 2007 R2 / Microsoft System Center 2012
Operations Manager

Microsoft System Center Data Protection Manager 2010 / Microsoft System Center 2012 Data
Protection Manager

Microsoft System Center Configuration Manager 2007 R3 / Microsoft System Center 2012
Configuration Manager

Microsoft System Center Virtual Machine Manager 2008 R2 / Microsoft System Center 2012
Virtual Machine Manager

Microsoft System Center Service Manager 2010 / Microsoft System Center 2012 Service
Manager

Opalis / Microsoft System Center 2012 Orchestrator

Microsoft Windows Storage Server 2008 / 2008 R2

Windows Server AppFabric

Microsoft Hyper-V Server 2008 / 2008 R2

Microsoft BizTalk Server 2009 / 2010


Cloud Technologies
Microsoft Business Productivity Online Services / Microsoft Office 365

Microsoft SharePoint Online

Windows Azure platform

Windows Azure

Windows Azure AppFabric

Microsoft SQL Azure

Microsoft Online Backup Service

Development Tools
Microsoft .NET Framework

Microsoft Visual Studio 2010 Team Foundation Server / Microsoft Visual Studio 11 Team
Foundation Server

Microsoft Visual Studio Team System 2008 / 2010 / 11

Windows Communications Foundation (WCF) Services

Tools
Microsoft Assessment and Planning Toolkit 6.0 / 6.5

Microsoft Security Assessment Tool

Microsoft Software Inventory Analyzer 5.0 / 5.1

Microsoft Deployment Toolkit 2010 / 2012

Windows Automated Installation Kit

Microsoft Security Compliance Management Toolkit

Compliance Management Libraries 2.0

Data Classification Toolkit

IT Governance, Risk and Compliance process management pack 2.0

BizTalk ESB Toolkit

Architect the Solution


This section provides the logical architecture, illustrative physical architecture, and list of required
system components for Phase 1, which are useful starting points to help you design your solution.

Logical Architecture
Figure 7 is the logical architecture diagram that shows the infrastructure for Phase 1 and its
functionalities. This diagram provides a high-level overview of the requirements to implement Phase 1.
This diagram is a starting point; you should customize it to meet the specific needs of your
organization.


Figure 7 Logical architecture diagram of Phase 1

Illustrative Physical Architecture


Figure 8 is an illustrative physical architecture diagram for Phase 1. A physical architecture diagram
shifts from describing technologies as capabilities and roles to describing physical systems. As with all
sample diagrams, you should customize this diagram to meet the specific needs of your organization.
For more information about customizing this diagram (including the required software product
editions), see Plan Development and Deployment of the Solution in Phase 1.
Figure 8 Physical architecture for Phase 1


System Components
This section lists the system components that Phase 1 requires. The system components consist of
product components that are grouped by product families. Table 1 lists the product components that
each solution capability in Phase 1 needs. You can use this table to better understand which product
components you need to meet the specific solution capability requirements for your customized
solution.
The legend for the table is as follows:
X Product must be included to enable the solution capability.

Product is recommended to better enable the solution capability.

Table 1 System components for Phase 1

Solution capabilities (table columns):
Secure connectivity between loosely coupled services and applications over the Internet across firewall, domain, and network boundaries
Enabling services to navigate firewalls or network boundaries
Highly available, scalable, multitenant storage service in the cloud
Relational data model in the cloud that provides connectivity with existing on-premises storage
Creation, prototyping, and deployment of applications that integrate data across the organization
Self-managing capability to provision data services with built-in fault tolerance

Product family / Product component (table rows):

CLIENT TECHNOLOGIES
Office 2007 / 2010
Office Outlook 2007 / Outlook 2010, Office Word 2007 / Word 2010, Office Excel 2007 / Excel 2010, Office PowerPoint 2007 / PowerPoint 2010
Office Visio 2007 / Visio 2010
Office Project 2007 / Project 2010
Forefront Endpoint Protection 2010 / System Center 2012 Endpoint Protection
Windows 7
Windows 8
Offline Files
DirectAccess

SERVER TECHNOLOGIES
Office SharePoint Server 2007 / SharePoint Server 2010*
Sites and Portals
Single Sign-On Service / Secure Store Service*

SQL Server 2008 R2 / 2012
Database Engine
Server Security
Forefront Security for SharePoint / Forefront Protection 2010 for SharePoint
Internet Security and Acceleration Server 2006 / Forefront Threat Management Gateway 2010
Firewall
Intelligent Application Gateway 2007 / Forefront Unified Access Gateway 2010
Forefront Identity Manager 2010 / 2010 R2
Windows Server 2008 R2 / 2012*
Active Directory Domain Services
Active Directory Federation Services
Active Directory Certificate Services
Active Directory Lightweight Directory Services
Network Policy and Access Services
Group Policy
Internet Information Services (IIS) 7/8
Hyper-V
Windows Deployment Services
Windows Firewall with Advanced Security
DirectAccess
Storage Spaces*

System Center
System Center Operations Manager 2007 R2 / System Center 2012 Operations Manager
System Center Data Protection Manager 2010 / System Center 2012 Data Protection Manager
System Center Configuration Manager 2007 R3 / System Center 2012 Configuration Manager
System Center Virtual Machine Manager 2008 R2 / System Center 2012 Virtual Machine Manager
System Center Virtual Machine Manager Self Service Portal 2.0
System Center Service Manager 2010 / System Center 2012 Service Manager
Opalis / System Center 2012 Orchestrator
System Center 2012 App Controller
Windows Storage Server 2008 / 2008 R2
Windows Server AppFabric
Hyper-V Server 2008 / 2008 R2
BizTalk Server 2009 / 2010

CLOUD TECHNOLOGIES
BPOS / Office 365*
SharePoint Online
Windows Azure platform
Windows Azure
Windows Azure AppFabric
Active Directory Access Control
SQL Azure
Online Backup Service

DEVELOPMENT TOOLS
.NET Framework
Visual Studio 2010 Team Foundation Server / Visual Studio 11 Team Foundation Server
Visual Studio Team System 2008 / 2010 / 11
Windows Communications Foundation (WCF) Services

TOOLS, ADD-INS, LIBRARIES, AND FRAMEWORKS
Assessment and Planning Toolkit 6.0 / 6.5
Security Assessment Tool
Software Inventory Analyzer 5.0 / 5.1
Deployment Toolkit 2010 / 2012
Windows Automated Installation Kit
Security Compliance Management Toolkit
Security Compliance Manager 2.x
Compliance Management Libraries 2.0
Windows SDK
Data Classification Toolkit
IT Governance, Risk and Compliance Process Management Pack 2.0
BizTalk ESB Toolkit


Plan Development and Deployment of the Solution


This section provides references to help you plan to develop and deploy the server product
components that are relevant to Phase 1.

SERVER TECHNOLOGIES
This section contains links to the server technologies that Table 1 references.

Microsoft SQL Server 2008 R2


Microsoft SQL Server 2008 R2 can help people scale database operations with confidence; improve IT
and developer efficiency; and enable highly scalable, well-managed, and self-service business
intelligence.
General
Home Page: http://www.microsoft.com/sqlserver/2008/en/us/R2.aspx
Get Started: http://technet.microsoft.com/en-us/library/bb500434.aspx
Plan a SQL Server Installation: http://technet.microsoft.com/en-us/library/bb500442.aspx
Technical Articles: http://technet.microsoft.com/en-us/library/bb418445(SQL.10).aspx

Database Engine
The Database Engine is the core service for storing, processing, and securing data. It provides
controlled access and rapid transaction processing to meet the requirements of the most demanding
data-consuming applications within the enterprise.
People can use the Database Engine to create relational databases for online transaction processing or
online analytical processing data. They also can create tables for storing data, and database objects
such as indexes, views, and stored procedures for viewing, managing, and securing data.
General
Get Started: http://technet.microsoft.com/hi-in/library/bb510421(en-us,SQL.105).aspx
Planning and Architecture: http://technet.microsoft.com/hi-in/library/cc280361(en-us,SQL.105).aspx
Development: http://technet.microsoft.com/hi-in/library/bb500155(en-us,SQL.105).aspx
Deployment: http://technet.microsoft.com/hi-in/library/bb522543(en-us,SQL.105).aspx
Operations: http://technet.microsoft.com/hi-in/library/bb522460(en-us,SQL.105).aspx


System Components Integration


This section describes the integration points of SQL Server 2008 R2 with other system components.

Usage Scenarios
This section describes the usage scenarios as supported by SQL Server 2008 R2 in integration with
other system components.
Highly available, scalable, multitenant storage service in the cloud

Interoperability with SQL Azure


Microsoft SQL Azure Database is a cloud-based, relational database service built on SQL Server
technologies. It provides a highly available, scalable, multitenant database service hosted by
Microsoft in the cloud. SQL Azure Database helps organizations provision and deploy multiple
databases, and helps developers avoid installing, setting up, patching, or managing any software.
It features high availability and fault tolerance, requires no physical administration, and supports
Transact-SQL (T-SQL). Developers can use existing knowledge in T-SQL development and a familiar
relational data model for symmetry with existing on-premises databases.

Relational data model in the cloud that provides connectivity with existing on-premises storage

Interoperability with SQL Azure


SQL Azure provides a familiar environment for database programmers. The objects that are
created in SQL Azure Database are the same as those in an SQL Server database. Both SQL Server
and SQL Azure Database use the Transact-SQL language for database creation and data
manipulation. Database developers and administrators can quickly become productive in SQL
Azure by using their existing expertise. Developers can use existing knowledge in T-SQL
development and a familiar relational data model for symmetry with existing on-premises
databases.

Creation, prototyping, and deployment of applications that integrate data across the organization

Interoperability with Visual Studio Team System 2008


Visual Studio offers database design and development tools in an integrated development
environment, helping developers to visually design data relationships, filter SQL statements, edit
SQL code, and run database queries in the development environment itself.

Associated System Components


This section describes the dependencies and recommendations for SQL Server 2008 R2 and highlights
capabilities as enabled directly or when integrated with another system component.

Interoperability with Office BizTalk Server 2009


BizTalk Server is dependent on SQL Server 2008 R2 for the messaging tracking database as well as
other databases. The most sensitive information (such as credential information containing details
of database connection strings, user names, and passwords related to the BizTalk adapters) is
stored in an encrypted format in the single sign-on (SSO) database.

Interoperability with Core and Management Services


SQL Server 2008 R2 uses the following technologies and services:

Windows Server 2008 R2


Windows Server provides an installation and deployment platform, granular services, and
other essential components and technologies.
Active Directory Domain Services can help administrators manage user identities and
relationships.
The Active Directory Lightweight Directory Services server role is a Lightweight Directory
Access Protocol (LDAP) directory service that provides data storage and retrieval for
directory-enabled applications, without the dependencies that are required for Active
Directory Domain Services.
Network Policy and Access Services (NPAS) provides technologies that allow deployment
of virtual private networking (VPN), dial-up networking, and 802.11-protected wireless
access. With NPAS, organizations can define and enforce policies for network access
authentication, authorization, and client health.
Group Policy provides an infrastructure for centralized configuration management of the
operating system and applications that run on the operating system.
Internet Information Services (IIS) 7.0 is a powerful web server that provides a highly
reliable, manageable, and scalable web application infrastructure.
The Hyper-V virtualization platform can be used to create and manage a virtualized server
computing environment.
Windows Deployment Services can help administrators remotely deploy Windows
operating systems.
Windows Firewall with Advanced Security helps protect computers on a network through
a stateful firewall that enables administrators to determine what network traffic to permit
to pass between a computer and the network. It also includes connection security rules
that use Internet Protocol security (IPsec) to help protect traffic as it travels across the
network.

Internet Security and Acceleration Server 2006 protects the IT environment from Internet-based
threats and provides users with fast and secure remote access to applications and data.

Intelligent Application Gateway 2007 provides a secure-socket-layer virtual private network, a
web application firewall, and endpoint security management that enable access control,
authorization, and content inspection for a wide variety of applications.

Windows Storage Server 2008 enables high-availability scenarios by providing backup and
replication of stored data.

Microsoft Hyper-V Server 2008 provides a reliable and optimized virtualization solution that
helps organizations improve server use and reduce costs through a small footprint and
minimal overhead.

System Center family helps organizations by providing IT with self-managing and monitoring
of dynamic systems. System Center family provides:
A comprehensive view of the health of the IT environment.

Optimized disk-based backup and recovery, more consistent data protection, and features
to increase the IT organization's operational efficiencies.
A secure and scalable operating system, application deployment, and configuration
management.
Unified management of physical and virtual machines, consolidation of underutilized
physical servers, and rapid provisioning of new virtual machines.
A flexible platform for automating and adapting IT Service Management best practices to
the organization's requirements.
Automated incident response, change and compliance, and service life-cycle management
processes.

Microsoft SQL Server 2012


Microsoft SQL Server 2012 is a cloud-ready information platform that helps organizations to protect,
scale, and unlock the power of their data. With SQL Server 2012, IT can provide organizations with
performance and availability for business-critical solutions, the potential for breakthrough insight
through rapid data exploration, and the ability to visualize data across the organization. Finally, SQL
Server 2012 helps IT build solutions that extend across premises and the cloud.
General
Home Page

http://www.microsoft.com/sqlserver/en/us/default.aspx

Overview / Capabilities

http://www.microsoft.com/sqlserver/en/us/productinfo/overview-capabilities.aspx

Upgrade to SQL Server 2012

http://technet.microsoft.com/en-us/library/bb677622.aspx

Installation for SQL Server 2012

http://technet.microsoft.com/en-us/library/bb500469.aspx

Technical Articles

http://technet.microsoft.com/en-us/library/bb418445(v=sql.10).aspx

Database Engine
The Database Engine is the core service for storing, processing, and securing data. The Database
Engine provides controlled access and rapid transaction processing to meet the requirements of the
most demanding data consuming applications within the enterprise.
Use the Database Engine to create relational databases for online transaction processing or online
analytical processing data. This capability includes creating tables for storing data and developing
database objects such as indexes, views, and stored procedures for viewing, managing, and securing
data.
General
Get Started

http://technet.microsoft.com/en-us/library/ms187875(v=sql.110).aspx

What's New (Database Engine)

http://technet.microsoft.com/en-us/library/bb510411.aspx

SQL Server Database Engine Backward Compatibility

http://technet.microsoft.com/en-us/library/ms143532.aspx

Database Engine Features and Tasks

http://technet.microsoft.com/en-us/library/bb500155.aspx

Technical Reference (Database Engine)

http://technet.microsoft.com/en-us/library/bb500275.aspx

System Components Integration


This section describes the integration points of SQL Server 2012 with other system components.

Usage Scenarios
This section describes the usage scenarios as supported by SQL Server 2012 in integration with other
system components.
Highly available, scalable, multitenant storage service in the cloud

Interoperability with SQL Azure


Microsoft SQL Azure Database is a cloud-based, relational database service built on SQL Server
technologies. It provides a highly available, scalable, multi-tenant database service hosted by
Microsoft in the cloud. SQL Azure Database helps organizations provision and deploy multiple
databases, and helps developers avoid installing, setting up, patching, or managing any software.
It features high availability and fault tolerance, requires no physical administration, and supports
Transact-SQL (T-SQL). Developers can use existing knowledge in T-SQL development and a familiar
relational data model for symmetry with existing on-premises databases.

Relational data model in the cloud that provides connectivity with existing on-premises storage

Interoperability with SQL Azure


SQL Azure provides a familiar environment for database programmers. The objects that are
created in SQL Azure Database are the same as those in an SQL Server database. Both SQL Server
and SQL Azure Database use the Transact-SQL language for database creation and data
manipulation. Database developers and administrators can quickly become productive in SQL
Azure by using their existing expertise. Developers can use existing knowledge in T-SQL
development and a familiar relational data model for symmetry with existing on-premises
databases.

Creation, prototyping, and deployment of applications that integrate data across the organization

Interoperability with Visual Studio Team System 2010 / Visual Studio 11


Visual Studio offers database design and development tools in an integrated development
environment, helping developers to visually design data relationships, filter SQL statements, edit
SQL code, and run database queries in the development environment itself.

Associated System Components


This section describes the dependencies and recommendations for SQL Server 2012 and highlights
capabilities as enabled directly or when integrated with another system component.

Interoperability with Office BizTalk Server 2010


BizTalk Server is dependent on SQL Server 2012 for the messaging tracking database as well as
other databases. The most sensitive information, such as credential information containing details
of database connection strings, user names, and passwords related to the BizTalk adapters, is
stored in an encrypted format in the SSO database.

Interoperability with Core and Management Services


SQL Server 2012 uses the following technologies and services:

Windows Server 2012


Windows Server provides an installation and deployment platform, granular services, and
other essential components and technologies.
Active Directory Domain Services can help administrators manage user identities and
relationships.
The Active Directory Lightweight Directory Services server role is a Lightweight Directory
Access Protocol (LDAP) directory service that provides data storage and retrieval for
directory-enabled applications, without the dependencies that are required for Active
Directory Domain Services.
Network Policy and Access Services (NPAS) provides technologies that allow deployment
of virtual private networking (VPN), dial-up networking, and 802.11-protected wireless
access. With NPAS, organizations can define and enforce policies for network access
authentication, authorization, and client health.
Group Policy provides an infrastructure for centralized configuration management of the
operating system and applications that run on the operating system.
Internet Information Services (IIS) 8.0 is a powerful web server that provides a highly
reliable, manageable, and scalable web application infrastructure.
The Hyper-V virtualization platform can be used to create and manage a virtualized server
computing environment.
Windows Deployment Services can help administrators remotely deploy Windows
operating systems.
Windows Firewall with Advanced Security helps protect computers on a network through
a stateful firewall that enables administrators to determine what network traffic to permit
to pass between a computer and the network. It also includes connection security rules
that use Internet Protocol security (IPsec) to help protect traffic as it travels across the
network.
Storage Spaces enables virtualized storage capabilities by grouping industry-standard
disks into storage pools, and then creating virtual disks called storage spaces from the
available capacity in the storage pools.

Forefront Threat Management Gateway 2010 protects the IT environment from Internet-based
threats and provides users with fast and secure remote access to applications and data.

Forefront Unified Access Gateway 2010 provides a secure-socket-layer virtual private network,
a web application firewall, and endpoint security management that enable access control,
authorization, and content inspection for a wide variety of applications.

Windows Storage Server 2008 R2 enables high-availability scenarios by providing backup and
replication of stored data.

Microsoft Hyper-V Server 2008 R2 provides a reliable and optimized virtualization solution
that helps organizations improve server use and reduce costs through a small footprint and
minimal overhead.

System Center family helps organizations by providing IT with self-managing and monitoring
of dynamic systems. System Center family provides:

A comprehensive view of the health of the IT environment.


Optimized disk-based backup and recovery, more consistent data protection, and features
to increase the IT organization's operational efficiencies.
A secure and scalable operating system, application deployment, and configuration
management.
Unified management of physical and virtual machines, consolidation of underutilized
physical servers, and rapid provisioning of new virtual machines.
A flexible platform for automating and adapting IT Service Management best practices to
the organization's requirements.
Automated incident response, change and compliance, and service life-cycle management
processes.

Microsoft Server Security


Microsoft Server Security is a set of comprehensive line-of-business security products that provide
greater protection and control through integration with existing IT infrastructures and through
simplified deployment, management, and analysis.
General
Microsoft Forefront Home Page

http://www.microsoft.com/forefront/serversecurity/en/us/default.aspx

Internet Security and Acceleration Server 2006


Microsoft Internet Security and Acceleration Server 2006 is the integrated security gateway that helps
protect IT environments from Internet-based threats, while providing faster and more secure remote
access to applications and data.
General
Get Started

http://technet.microsoft.com/hi-in/library/bb898432(en-us).aspx

Technical Reference

http://technet.microsoft.com/hi-in/library/bb898443(en-us,TechNet.10).aspx

Planning and Architecture

http://www.microsoft.com/technet/isa/2006/planningarchitecture/default.mspx

Development

http://www.microsoft.com/technet/isa/2006/development/default.mspx

Deployment

http://www.microsoft.com/technet/isa/2006/deployment/default.mspx

Operations

http://www.microsoft.com/technet/isa/2006/operations/default.mspx

Microsoft Internet Security and Acceleration Server 2006 SDK

http://msdn.microsoft.com/en-us/library/ms828058.aspx

Firewall Service
The firewall service in Internet Security and Acceleration Server 2006 runs in user mode at the top of
the TCP/IP protocol stack, and employs a hybrid architecture that combines elements of both proxy
and stateful inspection firewall behavior. The firewall service performs an additional packet inspection
after receiving clearance from the firewall engine. The firewall service can manage traffic across
multiple connections and perform associated processing (for example, application filtering).
General
Internet Security and Acceleration Server 2006 Firewall Core

http://download.microsoft.com/download/e/7/6/e76fdda3-5c2c-4fbb-9c6f-3bcd0ed4b8ef/firewall_corewp.doc

Forefront Threat Management Gateway 2010


Forefront Threat Management Gateway 2010 helps organizations safely and productively use the
Internet for business without worrying about malicious software and other threats. It provides multiple
layers of continuously updated protection that is integrated into a unified, easy-to-manage gateway,
and reduces the cost and complexity of web security.
General
Home Page

http://www.microsoft.com/forefront/threat-management-gateway/en/us/overview.aspx

What's New

http://technet.microsoft.com/hi-in/library/ee207139(en-us).aspx

Planning and Design

http://technet.microsoft.com/library/cc441674.aspx

Deployment

http://technet.microsoft.com/library/cc441445.aspx

Operations

http://technet.microsoft.com/library/cc441590.aspx

Technical Reference

http://technet.microsoft.com/hi-in/library/cc441714(en-us).aspx

Development Guide

http://technet.microsoft.com/hi-in/library/cc533499(en-us).aspx

Firewall Protection
Forefront Threat Management Gateway 2010 provides access control and protection on three layers:
packet filtering, stateful inspection, and application layer filtering. It also provides deep content
filtering through built-in application filters and delivers customizable, granular controls to HTTP traffic.
General
Overview

http://technet.microsoft.com/en-us/library/cc995253.aspx

Microsoft Intelligent Application Gateway 2007


Microsoft Intelligent Application Gateway 2007 with Application Optimizers provides a secure-socket-layer
VPN, a web application firewall, and endpoint security management that enable access
control, authorization, and content inspection for a wide variety of line-of-business applications.
Together, these technologies provide mobile and remote workers with easy, flexible, and more secure
access from a broad range of devices and locations, including kiosks, PCs, and mobile devices.

General
Overview

http://technet.microsoft.com/en-us/library/cc303240.aspx

Planning and Architecture

http://technet.microsoft.com/en-us/library/dd278044.aspx

Deployment

http://technet.microsoft.com/en-us/library/dd278109.aspx

Operations

http://technet.microsoft.com/en-us/library/dd278091.aspx

Intelligent Application Gateway 2007 Technical Reference

http://technet.microsoft.com/en-us/library/cc303257(TechNet.10).aspx

Microsoft Forefront Unified Access Gateway 2010


Forefront Unified Access Gateway provides remote access to applications, networks, and internal
resources from diverse client endpoints through a single point of entry. It is an easy and secure remote
access solution that helps provide application intelligence and granular access controls.
General
Home Page

http://www.microsoft.com/forefront/unified-access-gateway/en/us/

Get Started

http://technet.microsoft.com/hi-in/library/dd857281(en-us).aspx

Planning and Design

http://technet.microsoft.com/hi-in/library/dd857293(en-us).aspx

Deployment

http://technet.microsoft.com/hi-in/library/dd857358(en-us).aspx

Operations

http://technet.microsoft.com/hi-in/library/dd857237(en-us).aspx

Technical Reference

http://technet.microsoft.com/hi-in/library/dd857316(en-us).aspx

Microsoft Forefront Identity Manager 2010


Microsoft Forefront Identity Manager 2010 provides powerful self-service capabilities and improved
tools for IT professionals to solve daily tasks such as delegating administration and creating workflows
for common identity management tasks. Forefront Identity Manager 2010 is built on a foundation
based on Microsoft .NET and web services so developers can build customized and extensible
solutions.
General
Home Page

http://technet.microsoft.com/en-us/forefront/cc470030

Get Started Here

http://technet.microsoft.com/hi-in/library/ff602041(en-us,WS.10).aspx

Microsoft Forefront Identity Manager 2010 R2


Microsoft Forefront Identity Manager 2010 R2 provides an integrated and comprehensive solution for
managing the entire life cycle of user identities and their associated credentials. It offers organizations
self-service identity management for users, automated life cycle management across heterogeneous
platforms, and a rich policy framework for enforcing security policies and detailed audits. It provides
identity synchronization, user provisioning, certificate and password management, and policy
management in a single solution that works across heterogeneous systems. Developers can use web
service APIs to create custom clients and to provide extensible activities and workflow schemas.

General
Home Page

http://www.microsoft.com/en-us/server-cloud/forefront/identity-manager.aspx

Technical Overview

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/SIM332

Deployment

http://technet.microsoft.com/en-us/library/jj134310%28v=ws.10%29.aspx

Development

http://msdn.microsoft.com/en-us/library/windows/desktop/jj131731%28v=vs.100%29.aspx

Windows Server 2008 R2


Windows Server 2008 R2 offers virtualization tools, web resources, management enhancements, and
Windows 7 integration, helping to save time, reduce costs, and provide a platform for a dynamic and
efficiently managed data center. Powerful tools, including Internet Information Services 7, updated
Server Manager and Hyper-V platforms, and Microsoft Windows PowerShell 2.0, work together to give
organizations greater control, increased efficiency, and the ability to react to frontline organizational
needs faster than ever before.
General
Home Page

http://technet.microsoft.com/en-us/windowsserver/bb310558.aspx

Deployment

http://technet.microsoft.com/hi-in/library/ee344846(en-us,WS.10).aspx

Changes in Functionality from Windows Server 2008 to Windows Server 2008 R2

http://technet.microsoft.com/en-au/library/dd391932(WS.10).aspx

Active Directory Domain Services


Active Directory Domain Services is the central location for configuration information, authentication
requests, and information about all objects stored within the forest structure. With Active Directory
Domain Services, organizations can efficiently manage users, computers, groups, printers, applications,
and other directory-enabled objects from one highly secure, central location.
General
Home Page

http://technet.microsoft.com/library/cc770946(WS.10).aspx

Features in Active Directory Domain Services

http://technet.microsoft.com/hi-in/library/dd378796(en-us,WS.10).aspx

Active Directory Domain Services Operations Guide

http://technet.microsoft.com/en-us/library/cc816807(WS.10).aspx

Active Directory Lightweight Directory Services


Active Directory Lightweight Directory Services provides directory services for directory-enabled
applications, without requiring or relying on Active Directory domains or forests. Organizations can run
Active Directory Lightweight Directory Services on member servers or stand-alone servers. They also
can run multiple instances of Active Directory Lightweight Directory Services, each with its own
independently managed schema, on one server.
General
Home Page

http://technet.microsoft.com/library/cc731868(WS.10).aspx

Overview

http://technet.microsoft.com/en-us/library/cc732019.aspx

Network Policy and Access Services


Network Policy and Access Services in Windows Server 2008 R2 delivers a variety of methods to help
provide more secure local and remote network connectivity, connect network segments, and enable
network administrators to centrally manage network access and client health policies. With Network
Access Services, organizations can more securely deploy virtual private network (VPN) servers, dial-up
servers, routers, and 802.1X-protected wireless access. They also can deploy RADIUS servers and
proxies and use the Connection Manager Administration Kit to create remote access profiles that allow
client computers to safely connect to the network.
General
Introduction

http://technet.microsoft.com/library/cc754521(WS.10).aspx

Network Policy and Access Services overview for Windows Server 2008 R2

http://technet.microsoft.com/en-us/library/cc731321.aspx

Network Policy Server (NPS)

http://technet.microsoft.com/en-us/library/cc732912.aspx

Group Policy
Group Policy helps organizations manage configurations for groups of computers and users, including
options for registry-based policy settings, security settings, software deployment, scripts, folder
redirection, Remote Installation Services, and maintenance of Microsoft Internet Explorer. By using
Group Policy, organizations can significantly reduce the total cost of ownership (TCO). Because of
factors such as the large number of policy settings available, the interaction between multiple policies,
and inheritance options, Group Policy design can be complex. By carefully planning, designing, and
testing a solution based on business requirements, organizations can provide the necessary
standardized functionality, security, and management control.
General
Home Page

http://technet.microsoft.com/library/cc726027(WS.10).aspx

What's New in Group Policy

http://technet.microsoft.com/en-us/library/dd367853(WS.10).aspx

Windows PowerShell cmdlets for Group Policy

http://technet.microsoft.com/en-us/library/dd367856(WS.10).aspx

Internet Information Services 7.0


Microsoft Internet Information Services 7.0 is a powerful web application and services platform that
delivers rich, web-based experiences. Internet Information Services 7.0 offers improved administrative
and diagnostic tools to help lower infrastructure costs on a variety of popular development platforms.
With improved reliability and scalability, IT professionals and developers can manage the most
demanding web service environments, from a single web server to a large web farm.

General
Internet Information Services 7.0

http://technet.microsoft.com/en-us/library/cc732050(WS.10).aspx

Internet Information Services 7.0 Development

http://msdn.microsoft.com/en-us/library/ms692515(VS.90).aspx

Hyper-V
With Microsoft Hyper-V, organizations can more easily take advantage of the cost savings of
virtualization through Windows Server 2008 R2. Organizations can optimize server hardware
investments by consolidating multiple server roles as separate virtual machines running on a single
physical machine, efficiently run multiple different operating systems in parallel on a single server, and
fully use the power of Microsoft x64 computing technologies.
General
Home Page

http://technet.microsoft.com/en-us/windowsserver/dd448604.aspx

Hyper-V Features

http://technet.microsoft.com/en-us/library/cc753637(WS.10).aspx

Getting Started

http://technet.microsoft.com/en-us/library/ee344828(WS.10).aspx

Hyper-V Planning

http://technet.microsoft.com/en-us/library/ee344841(WS.10).aspx

Hyper-V Installation

http://technet.microsoft.com/en-us/library/ee344837(WS.10).aspx

Hyper-V Configuration

http://technet.microsoft.com/en-us/library/ee344820(WS.10).aspx

Windows Deployment Services


Windows Deployment Services, the updated and redesigned version of Remote Installation Services, is
a suite of components that work together in Windows Server 2008 R2 to enable the deployment of
Windows operating systems, particularly Windows Vista. With Windows Deployment Services,
organizations can deploy Windows operating systems over the network instead of installing each
operating system directly from a CD or DVD. They also can use Windows Deployment Services to
repurpose existing computers.
General
Overview

http://technet.microsoft.com/hi-in/library/cc772106(en-us,WS.10).aspx

Windows Deployment Services for Windows Server 2008 R2

http://technet.microsoft.com/en-us/library/dd348502(WS.10).aspx

Getting Started Guide

http://technet.microsoft.com/en-us/library/cc771670(WS.10).aspx

Deployment Guide

http://technet.microsoft.com/hi-in/library/cc770667(en-us,WS.10).aspx

Windows Firewall with Advanced Security


Windows Firewall with Advanced Security is a host-based firewall that blocks incoming and outgoing
connections based on its configuration. While typical end-user configuration of Windows Firewall
occurs through the Windows Firewall Control Panel tool, advanced configuration now occurs in
Windows Firewall with Advanced Security, a Microsoft Management Console snap-in.
General
Firewall with Advanced Security and IPSec

http://technet.microsoft.com/en-us/library/cc732283(WS.10).aspx

Introduction to Windows Firewall with Advanced Security

http://technet.microsoft.com/en-us/library/cc730955(WS.10).aspx

Windows Firewall with Advanced Security Design Guide

http://technet.microsoft.com/en-us/library/cc732024(WS.10).aspx

Windows Firewall with Advanced Security Deployment Guide

http://technet.microsoft.com/en-us/library/cc972925(WS.10).aspx

Windows Server 2012


Windows Server 2012 is designed to help IT pros enact cloud optimization while satisfying business
needs more quickly and efficiently. Windows Server 2012 provides a highly available and
easy-to-manage multiserver platform that offers flexible storage, continuous availability, and management
efficiency. With Windows Server 2012, Microsoft delivers a server platform based on the experience of
building and operating many of the world's most complex cloud-based services and largest data
centers. Whether administrators are setting up a single server for a small business or architecting a
major new data center environment, Windows Server 2012 can help them cloud optimize their IT so
they can more fully meet their organization's unique needs.
General
Home Page

http://www.microsoft.com/en-us/server-cloud/windows-server/default.aspx

Windows Server 2012 Overview

http://www.microsoft.com/en-us/server-cloud/windows-server/overview.aspx

What's New in Windows Server 2012

http://technet.microsoft.com/library/hh831769.aspx

Windows Server 2012 Capabilities

http://www.microsoft.com/en-us/server-cloud/windows-server/capabilities.aspx

Active Directory Domain Services


Active Directory Domain Services provides a distributed database that stores and manages information
about network resources and application-specific data from directory-enabled applications. A server
that is running Active Directory Domain Services is called a domain controller. Administrators can use
Active Directory Domain Services to organize elements of a network, such as users, computers, and
other devices, into a hierarchical containment structure. The hierarchical containment structure
includes the Active Directory forest, domains in the forest, and organizational units (OUs) in each
domain.

General
Active Directory Domain Services overview

http://technet.microsoft.com/en-us/library/hh831484.aspx

What's New in Active Directory Domain Services

http://technet.microsoft.com/en-us/library/hh831477.aspx

Active Directory Lightweight Directory Services


Active Directory Lightweight Directory Services is a Lightweight Directory Access Protocol (LDAP)
directory service that provides flexible support for directory-enabled applications, without the
dependencies and domain-related restrictions of Active Directory Domain Services. Organizations can
run Active Directory Lightweight Directory Services on member servers or stand-alone servers. They
also can run multiple instances of Active Directory Lightweight Directory Services, each with its own
independently managed schema, on one server. In addition, Active Directory Lightweight Directory
Services provides directory services for directory-enabled applications without the overhead of
domains and forests or the requirements of a single schema throughout a forest.
General
Active Directory Lightweight Directory Services Overview

http://technet.microsoft.com/en-us/library/hh831593.aspx

Active Directory Lightweight Directory Services Operations Guide

http://technet.microsoft.com/en-us/library/cc816635%28v=ws.10%29.aspx

Active Directory Lightweight Directory Services Getting Started/Step-By-Step Guide

http://technet.microsoft.com/en-us/library/cc770639%28v=ws.10%29.aspx

Network Policy and Access Services


Organizations can use the Network Policy and Access Services server role to deploy and configure
Network Access Protection (NAP), secure wired and wireless access points, and RADIUS servers and
proxies. The role also allows deploying virtual private networking (VPN), dial-up networking, and
802.11-protected wireless access. With Network Policy and Access Services, administrators can define
and enforce policies for network access authentication, authorization, and client health using NAP,
Routing and Remote Access Services, Health Registration Authority (HRA), and Host Credential
Authorization Protocol (HCAP).
General
Network Policy and Access Services

http://technet.microsoft.com/en-us/windowsserver/dd448603.aspx

Network Policy and Access Services Overview

http://technet.microsoft.com/library/hh831683

Best Practices Analyzer for Network Policy and Access Services

http://technet.microsoft.com/en-us/library/ee922640%28v=ws.10%29.aspx

Group Policy
Group Policy allows administrators to specify managed configurations for users and computers
through Group Policy settings and Group Policy preferences. For Group Policy settings that affect only
a local computer or user, administrators can use the Local Group Policy Editor. They can manage Group
Policy settings and Group Policy preferences in an Active Directory Domain Services environment
through the Group Policy Management Console. Group Policy management tools also are included in
the Remote Server Administration Tools pack to provide a way to administer Group Policy settings
from remote machines.
General
Group Policy Home Page

http://technet.microsoft.com/enus/windowsserver/bb310732.aspx

Group Policy Overview

http://technet.microsoft.com/library/hh831791

Designing a Group Policy Infrastructure

http://technet.microsoft.com/en-us/library/c75e3e6f-c3224220-b205-46c6e9ba7674

Internet Information Services 8


Internet Information Services (IIS) 8 is a unified web platform that integrates IIS, ASP.NET, FTP services,
PHP, and Windows Communication Foundation (WCF). With IIS 8 in Windows Server 2012, developers
can customize the functionality of IIS, create applications to assist in managing IIS, and create
applications that run on IIS. IIS also enables the extensibility of configuration, scripting, event logging,
and administration tools, providing software developers with a complete server platform on which to
build web server extensions.
General
Internet Information Services Overview

http://technet.microsoft.com/en-us/library/hh831725.aspx

Internet Information Services Development

http://msdn.microsoft.com/enus/library/ms692515%28v=vs.90%29.aspx

Internet Information Services Extensions

http://msdn.microsoft.com/enus/library/hh943083%28v=vs.90%29.aspx

Hyper-V
The Hyper-V role enables IT administrators to create and manage a virtualized computing environment
by using virtualization technology built into Windows Server 2012. Hyper-V role deployment installs
required components and, optionally, management tools. Required components include Windows
hypervisor, Hyper-V Virtual Machine Management Service, and the virtualization Windows
Management Instrumentation (WMI) provider, as well as other virtualization components like the
virtual machine bus (VMbus), virtualization service provider (VSP) and virtual infrastructure driver (VID).
Hyper-V virtualizes hardware to provide an environment in which administrators can run multiple
operating systems at the same time on one physical computer by running each operating system in its
own virtual machine.


General
Hyper-V Home Page

http://technet.microsoft.com/enus/windowsserver/dd448604.aspx

Hyper-V Overview

http://technet.microsoft.com/en-us/library/hh831531

What's New in Hyper-V

http://technet.microsoft.com/library/hh831410

Hyper-V Getting Started Guide

http://technet.microsoft.com/library/cc732470%28WS.10%29.aspx

Windows Deployment Services


In Windows Server 2012, Windows Deployment Services (WDS) is a server role that enables
administrators to remotely deploy Windows operating systems. Administrators can use it to set up new
computers through a network-based installation. This means that administrators do not have to install
each operating system directly from a CD, USB drive, or DVD. To use WDS, administrators should have
a working knowledge of common desktop deployment technologies and networking components,
including Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and Active
Directory Domain Services. It is also helpful to understand the Preboot Execution Environment (also
known as the Pre-Execution Environment).
General
Windows Deployment Services Overview

http://technet.microsoft.com/en-us/library/hh831764.aspx

Windows Deployment Services Getting Started Guide

http://technet.microsoft.com/en-us/library/jj648426.aspx

Windows Deployment Services Guide

http://technet.microsoft.com/en-us/library/cc265612.aspx

Windows Firewall with Advanced Security


In Windows Server 2012, Windows Firewall with Advanced Security is an important part of a layered
security model. By providing host-based, two-way network traffic filtering for a computer, Windows
Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local
computer. Windows Firewall with Advanced Security also works with Network Awareness so that it can
apply security settings appropriate to the types of networks to which the computer is connected.
Windows Firewall and IPsec configuration settings are integrated into a single Microsoft Management
Console (MMC) named Windows Firewall with Advanced Security, so Windows Firewall is also an
important part of a network's isolation strategy.
General
Windows Firewall with Advanced Security Overview

http://technet.microsoft.com/en-us/library/hh831365.aspx

Windows Firewall with Advanced Security Getting Started Guide

http://technet.microsoft.com/enus/library/cc748991%28v=ws.10%29.aspx

Windows Firewall with Advanced Security Step-By-Step Guide

http://www.microsoft.com/enus/download/details.aspx?id=11698


Using Windows Firewall with Advanced Security

http://msdn.microsoft.com/enus/library/windows/desktop/aa366418%28v=vs.85%29.aspx

Storage Spaces
Windows Server 2012 delivers sophisticated storage virtualization capabilities, empowering customers
to use industry-standard storage for single computer and scalable multinode deployments. It is
appropriate for a wide range of customers, from consumers using Windows 8 for personal storage, to
enterprises and cloud-hosting companies using Windows Server 2012 for highly available storage that
can cost effectively grow with demand.
General
Storage Spaces Overview

http://technet.microsoft.com/en-us/library/hh831739.aspx

Storage Spaces Frequently Asked Questions

http://social.technet.microsoft.com/wiki/contents/articles/11382.storage-spaces-frequently-asked-questions-faq.aspx

Deploying and Managing Storage Spaces with PowerShell

http://www.microsoft.com/enus/download/details.aspx?id=30125

Microsoft System Center


System Center is central to the Microsoft vision of helping IT organizations benefit from self-managing,
dynamic systems. Microsoft System Center solutions capture and aggregate knowledge about
infrastructures, policies, processes, and best practices so that IT staff can build manageable systems
and automate operations to reduce costs, improve application availability, and enhance service
delivery.
General
Home Page

http://www.microsoft.com/SystemCenter/

System Center Library

http://technet.microsoft.com/hi-in/library/cc507089(en-us).aspx

System Center Operations Manager 2007 R2


Microsoft System Center Operations Manager 2007 R2 delivers end-to-end service management of
applications and IT services across the data center, helping to provide greater control and insight into
the health and performance of Microsoft, UNIX, and Linux servers and the workloads running on them.
With System Center Operations Manager 2007 R2, organizations can reduce the cost of managing the
data center and ensure delivery of IT services to expected levels.
General
What's New

http://technet.microsoft.com/en-us/library/dd362653.aspx

Getting Started

http://technet.microsoft.com/en-us/library/dd887701.aspx

Design Guide

http://technet.microsoft.com/en-us/library/dd789005.aspx

Deployment Guide

http://technet.microsoft.com/en-us/library/bb419281.aspx


System Center 2012 Operations Manager


Microsoft System Center 2012 Operations Manager provides infrastructure monitoring that is flexible
and cost effective; helps to ensure the predictable performance and availability of vital applications;
and offers comprehensive monitoring for the data center and cloud, both private and public.
General
Home Page

http://www.microsoft.com/systemcenter/en/us/om-vnextbeta.aspx

Overview

http://technet.microsoft.com/en-us/library/hh205987.aspx

Getting Started

http://technet.microsoft.com/en-us/library/hh509025.aspx

Deployment Guide

http://technet.microsoft.com/en-us/library/hh278852.aspx

System Center Data Protection Manager 2010


Microsoft System Center Data Protection Manager 2010 is a backup and recovery solution for
Windows applications and file servers that uses seamlessly integrated disk and tape.
General
Home Page

http://technet.microsoft.com/en-us/library/ff399192.aspx

Planning and Deployment

http://technet.microsoft.com/en-us/library/ff399519.aspx

Data Protection Manager 2010 Operations

http://technet.microsoft.com/en-us/library/ff399138.aspx

System Center 2012 Data Protection Manager


Microsoft System Center 2012 Data Protection Manager provides centralized management and
granular access as a few of its key features. It enables disk-based and tape-based data protection and
recovery for servers such as SQL Server, Exchange Server, SharePoint, virtual servers, file servers, and
support for Windows desktops and laptops. It can also centrally manage system state and Bare Metal
Recovery (BMR).
General
What's New?

http://technet.microsoft.com/en-us/edge/Video/hh285690

Planning

http://technet.microsoft.com/en-us/library/hh758140.aspx

Deploying

http://technet.microsoft.com/en-us/library/hh757823.aspx

Operations Guide

http://technet.microsoft.com/en-us/library/hh757851.aspx

Troubleshooting Guide

http://technet.microsoft.com/en-us/library/hh872921.aspx

System Center Configuration Manager 2007 R3


Microsoft System Center Configuration Manager 2007 R3 includes a complete set of power
management tools, scale and performance enhancements, and mobile device management to help
organizations gain better insight into and control over their IT systems.


General
Home Page

http://technet.microsoft.com/en-us/library/bb735860.aspx

What's New

http://technet.microsoft.com/en-us/library/ff977104.aspx

Planning and Deployment

http://technet.microsoft.com/en-us/library/bb693806.aspx

System Center 2012 Configuration Manager


Microsoft System Center 2012 Configuration Manager provides a comprehensive solution for change
and configuration management for the Microsoft platform. It can help end users employ the devices
and applications they need to be productive, while maintaining corporate compliance and control.
General
Home Page

http://www.microsoft.com/systemcenter/en/us/configurationmanager/cm-vnext-beta.aspx

Getting Started

http://technet.microsoft.com/en-us/library/gg682144.aspx

Client Deployment

http://technet.microsoft.com/en-us/library/gg699391.aspx

Security and Privacy

http://technet.microsoft.com/en-us/library/gg682033.aspx

Documentation Library

http://technet.microsoft.com/en-us/library/gg682041.aspx

System Center Virtual Machine Manager 2008 R2


Microsoft System Center Virtual Machine Manager 2008 R2 can help organizations centrally manage
physical and virtual IT infrastructure, increase server utilization, and dynamically optimize resources
across multiple virtualization platforms. It includes end-to-end capabilities like planning, deploying,
managing, and optimizing the virtual infrastructure.
General
Overview

http://technet.microsoft.com/hi-in/library/cc764290(en-us).aspx

Evaluation Center

http://technet.microsoft.com/en-us/evalcenter/cc793138.aspx

Technical Reference

http://technet.microsoft.com/enus/systemcenter/vmm/ff469737.aspx

What's New in Virtual Machine Manager 2008 R2

http://technet.microsoft.com/hi-in/library/ee230429(en-us).aspx

Planning and Architecture

http://technet.microsoft.com/hi-in/library/cc764219(en-us).aspx

Operations

http://technet.microsoft.com/hi-in/library/cc764329(en-us).aspx

Deployment

http://technet.microsoft.com/hi-in/library/cc764339(en-us).aspx

System Center 2012 Virtual Machine Manager


Microsoft System Center 2012 Virtual Machine Manager is a management solution for the virtualized
data center that enables organizations to configure and manage virtualized host, networking, and
storage resources to create and deploy virtual machines and services to private cloud resources.


General
Home Page

http://technet.microsoft.com/en-us/library/gg610610.aspx

Getting Started

http://technet.microsoft.com/en-us/library/gg610561.aspx

Deployment

http://technet.microsoft.com/en-us/library/gg610669.aspx

Administration

http://technet.microsoft.com/en-us/library/gg610615.aspx

Configuration

http://technet.microsoft.com/en-us/library/gg675078.aspx

System Center Service Manager 2010


Microsoft System Center Service Manager 2010 is an integrated platform for automating and adapting
organizations' IT service management best practices, such as those found in the Microsoft Operations
Framework and Information Technology Infrastructure Library. It provides built-in processes for
resolving incidents and problems, controlling changes, and managing the asset life cycle. Through its
configuration management database and process integration, System Center Service Manager
automatically connects knowledge and information from System Center Operations Manager, System
Center Configuration Manager, and Active Directory.
General
Overview

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2010/MGT313

Download Details

http://technet.microsoft.com/en-us/evalcenter/ee348897.aspx

System Center 2012 Service Manager


Microsoft System Center 2012 Service Manager delivers standardized, compliant, and automated IT as
a service.
General
Overview

http://technet.microsoft.com/en-us/edge/Video/hh285691

Opalis
Opalis is an automation platform for arranging and integrating IT tools to reduce the cost of data
center operations while improving the reliability of IT processes. Opalis helps IT organizations
automate best practices, such as those found in the Microsoft Operations Framework and Information
Technology Infrastructure Library. Through Opalis, workflow processes coordinate System Center and
other management tools to automate incident response, change, compliance, and service life-cycle
management processes.
General
Home Page

http://www.microsoft.com/systemcenter/en/us/opalis.aspx

Download Details

http://technet.microsoft.com/enus/systemcenter/hh913943.aspx

Installing Opalis Integration Server Client without Using Deployment Manager

http://social.technet.microsoft.com/wiki/contents/articles/howto-install-opalis-integration-server-client-without-usingdeployment-manager.aspx


System Center 2012 Orchestrator


Microsoft System Center 2012 Orchestrator provides orchestration, integration, and automation of IT
processes through the creation of run books that enable organizations to define and standardize best
practices and improve operational efficiency.
General
Home Page

http://www.microsoft.com/systemcenter/en/us/orchestrator.aspx

Overview

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/SIM207

Installation

http://technet.microsoft.com/en-us/library/hh237242.aspx

Deployment Integration Packs

http://technet.microsoft.com/en-us/library/hh420337.aspx

Installation

http://technet.microsoft.com/en-us/library/hh420336.aspx

Download Details

http://www.microsoft.com/download/en/details.aspx?id=26503

Windows Storage Server 2008


Windows Storage Server 2008 provides file storage and print server capabilities for client and server
computers in an organization's network environment. Organizations can use storage appliances that
run Windows Storage Server 2008 in failover clusters to provide high-availability storage for
application servers and file storage.
General
Overview

http://technet.microsoft.com/enus/library/dd573315(WS.10).aspx

Getting Started

http://technet.microsoft.com/enus/library/dd573323(WS.10).aspx

Windows Storage Server 2008 R2


Windows Storage Server 2008 R2 is built on the Windows Server 2008 R2 operating system to provide
a platform for network-attached storage (NAS) appliances. It is optimized to deliver better file serving.
The Windows Storage Server product family provides advanced storage solutions for a range of
organizations, from small businesses to enterprises. It includes storage technologies such as file
deduplication, as well as an iSCSI software target for unified file services and block I/O storage.
General
Overview

http://technet.microsoft.com/enus/library/gg232660(v=ws.10).aspx

Getting Started

http://technet.microsoft.com/enus/library/gg214166(WS.10).aspx

Technical Reference

http://technet.microsoft.com/enus/library/gg277981(WS.10).aspx


Windows Server AppFabric


Windows Server AppFabric is a set of application services that are focused on improving the
performance and management of web, composite, and enterprise applications. To deliver these
benefits, Windows Server AppFabric provides distributed caching technology and prebuilt
management and monitoring infrastructure that use familiar .NET capabilities.
General
Home Page

http://msdn.microsoft.com/enus/library/ff384253(v=azure.10).aspx

Resources

http://msdn.microsoft.com/enus/windowsserver/ee695849.aspx

Windows Server AppFabric Concepts and Architecture

http://msdn.microsoft.com/en-us/library/ee677175.aspx

Architectural Overview

http://msdn.microsoft.com/en-us/library/ee677374.aspx

Microsoft Hyper-V Server 2008


Microsoft Hyper-V Server 2008 provides a simplified, reliable, and optimized virtualization solution that
improves server use and reduces costs. Hyper-V Server is a dedicated, stand-alone product that gives
organizations a small footprint with minimal overhead. IT administrators can easily plug Hyper-V Server
into existing IT environments and can use existing patches, provisioning, management, support tools,
processes, and capabilities.
General
Overview

http://www.microsoft.com/hyper-v-server/en/us/2008overview.aspx

FAQ

http://technet.microsoft.com/library/dd560637(WS.10).aspx

Getting to Know Hyper-V

http://technet.microsoft.com/enus/library/ee256064(v=ws.10).aspx

Microsoft Hyper-V Server 2008 R2


Microsoft Hyper-V Server 2008 R2 provides a simplified, reliable, and optimized virtualization solution
that improves server use and reduces costs. Hyper-V Server is a dedicated, stand-alone product that
gives organizations a small footprint with minimal overhead. IT administrators can easily plug Hyper-V
Server into existing IT environments and can use existing patches, provisioning, management, support
tools, processes, and capabilities. Microsoft Hyper-V Server 2008 R2 adds features such as live
migration, clusters, shared-volume support, and expanded processor and memory support for host
systems.
General
Home Page

http://technet.microsoft.com/enus/library/ee815281(v=ws.10).aspx

Get Started

http://technet.microsoft.com/hi-in/library/ee815289(enus,WS.10).aspx

Live Migration

http://technet.microsoft.com/hi-in/library/ee815293(enus,WS.10).aspx

Install and Setup

http://technet.microsoft.com/enus/library/ee815292(v=ws.10).aspx

Deployment

http://technet.microsoft.com/hi-in/library/ee731893(enus,WS.10).aspx

Microsoft BizTalk Server 2009


BizTalk Server 2009 helps organizations to integrate systems, automate processes, and communicate
across global processes, partnerships, and supply chains.
General
Overview

http://technet.microsoft.com/enUS/library/ee299295(v=bts.10).aspx

Get Started

http://technet.microsoft.com/hi-in/library/aa560946(enus,BTS.10).aspx

Planning and Architecture

http://technet.microsoft.com/hi-in/library/aa561091(enus,BTS.10).aspx

Development

http://technet.microsoft.com/hi-in/library/aa559745(enus,BTS.10).aspx

System Components Integration


This section describes the integration points of BizTalk Server 2009 with other system components.

Associated System Components


This section describes the dependencies and recommendations for BizTalk Server 2009 and highlights
the capabilities as enabled directly or when integrated with another system component.

Interoperability with SQL Server 2008 R2


BizTalk Server is dependent on SQL Server 2008 R2 for the messaging tracking database and other
databases. The most sensitive information, such as credential information containing details of
database connection strings, user names, and passwords related to the BizTalk adapters, is stored
in an encrypted format in the SSO database.

Interoperability with Core and Management Services


BizTalk Server 2009 uses the following technologies and services:

Windows Server 2008 R2


Windows Server provides an installation and deployment platform, granular services, and
other essential components and technologies.
Active Directory Domain Services can help administrators manage user identities and
relationships.
The Active Directory Lightweight Directory Services server role is a Lightweight Directory
Access Protocol (LDAP) directory service that provides data storage and retrieval for
directory-enabled applications, without the dependencies that are required for Active
Directory Domain Services.


Network Policy and Access Services (NPAS) provides technologies that allow deployment
of virtual private networking (VPN), dial-up networking, and 802.11-protected wireless
access. With NPAS, organizations can define and enforce policies for network access
authentication, authorization, and client health.
Group Policy provides an infrastructure for centralized configuration management of the
operating system and applications that run on the operating system.
Internet Information Services (IIS) 7.0 is a powerful web server that provides a highly
reliable, manageable, and scalable web application infrastructure.
The Hyper-V virtualization platform can be used to create and manage a virtualized server
computing environment.
Windows Deployment Services can help administrators remotely deploy Windows
operating systems.
Windows Firewall with Advanced Security helps protect computers on a network through
a stateful firewall that enables administrators to determine what network traffic to permit
to pass between a computer and the network. It also includes connection security rules
that use Internet Protocol security (IPsec) to help protect traffic as it travels across the
network.

Internet Security and Acceleration Server 2006 protects the IT environment from Internet-based
threats and provides users with fast and secure remote access to applications and data.

Windows Storage Server 2008 enables high-availability scenarios by providing backup and
replication of stored data.

Microsoft Hyper-V Server 2008 provides a reliable and optimized virtualization solution that
helps organizations improve server use and reduce costs through a small footprint and
minimal overhead.

System Center family helps organizations by providing IT with self-managing and monitoring
of dynamic systems. System Center family provides:
A comprehensive view of the health of the IT environment.
Optimized disk-based backup and recovery, more consistent data protection, and features
to increase the IT organization's operational efficiencies.
A secure and scalable operating system, application deployment, and configuration
management.
Unified management of physical and virtual machines, consolidation of underutilized
physical servers, and rapid provisioning of new virtual machines.
A flexible platform for automating and adapting IT Service Management best practices to
the organization's requirements.
Automated incident response, change and compliance, and service life-cycle management
processes.

Microsoft BizTalk Server 2010


BizTalk Server 2010 helps organizations to integrate systems, automate processes, and communicate
across global processes, partnerships, and supply chains.


General
Home Page

http://www.microsoft.com/biztalk/en/us/default.aspx

Microsoft BizTalk Server 2010 Help

http://technet.microsoft.com/hi-in/library/aa548004(enus,BTS.70).aspx

Planning and Architecture

http://technet.microsoft.com/hi-in/library/aa561091(enus,BTS.70).aspx

Development

http://technet.microsoft.com/hi-in/library/aa559745(enus,BTS.70).aspx

Deployment

http://technet.microsoft.com/hi-in/library/aa548040(enus,BTS.70).aspx

Operations

http://technet.microsoft.com/hi-in/library/aa561973(enus,BTS.70).aspx

System Components Integration


This section describes the integration points of BizTalk Server 2010 with other system components.

Associated System Components


This section describes the dependencies and recommendations for BizTalk Server 2010 and highlights
the capabilities as enabled directly or when integrated with another system component.

Interoperability with SQL Server 2012


BizTalk Server is dependent on SQL Server 2012 for the messaging tracking database and other
databases. The most sensitive information, such as credential information containing details of
database connection strings, user names, and passwords related to the BizTalk adapters, is stored
in an encrypted format in the SSO database.

Interoperability with Core and Management Services


BizTalk Server 2010 uses the following technologies and services:

Windows Server 2012


Windows Server provides an installation and deployment platform, granular services, and
other essential components and technologies.
Active Directory Domain Services can help administrators manage user identities and
relationships.
The Active Directory Lightweight Directory Services server role is a Lightweight Directory
Access Protocol (LDAP) directory service that provides data storage and retrieval for
directory-enabled applications, without the dependencies that are required for Active
Directory Domain Services.
Network Policy and Access Services (NPAS) provides technologies that allow deployment
of virtual private networking (VPN), dial-up networking, and 802.11-protected wireless
access. With NPAS, organizations can define and enforce policies for network access
authentication, authorization, and client health.
Group Policy provides an infrastructure for centralized configuration management of the
operating system and applications that run on the operating system.
Internet Information Services (IIS) 8.0 is a powerful web server that provides a highly
reliable, manageable, and scalable web application infrastructure.


The Hyper-V virtualization platform can be used to create and manage a virtualized server
computing environment.
Windows Deployment Services can help administrators remotely deploy Windows
operating systems.
Windows Firewall with Advanced Security helps protect computers on a network through
a stateful firewall that enables administrators to determine what network traffic to permit
to pass between a computer and the network. It also includes connection security rules
that use Internet Protocol security (IPsec) to help protect traffic as it travels across the
network.
Storage Spaces enables virtualized storage capabilities by grouping industry-standard
disks into storage pools, and then creating virtual disks called storage spaces from the
available capacity in the storage pools.

Forefront Threat Management Gateway 2010 protects the IT environment from Internet-based
threats and provides users with fast and secure remote access to applications and data.

Windows Storage Server 2008 R2 enables high-availability scenarios by providing backup and
replication of stored data.

Microsoft Hyper-V Server 2008 R2 provides a reliable and optimized virtualization solution
that helps organizations improve server use and reduce costs through a small footprint and
minimal overhead.

System Center family helps organizations by providing IT with self-managing and monitoring
of dynamic systems. System Center family provides:
A comprehensive view of the health of the IT environment.
Optimized disk-based backup and recovery, more consistent data protection, and features
to increase the IT organization's operational efficiencies.
A secure and scalable operating system, application deployment, and configuration
management.
Unified management of physical and virtual machines, consolidation of underutilized
physical servers, and rapid provisioning of new virtual machines.
A flexible platform for automating and adapting IT Service Management best practices to
the organization's requirements.
Automated incident response, change and compliance, and service life-cycle management
processes.

CLIENT TECHNOLOGIES
This section contains links to the client technologies that Table 1 references.

Microsoft Office 2007


The 2007 Microsoft Office system provides a comprehensive tool set for people to gather and
consolidate virtually any type of information. People can then more easily share information with
others across geographical or organizational boundaries to deliver better results faster.
General
Get Started with Office 2007


http://office.microsoft.com/en-us/support/getting-started-withmicrosoft-office-2007-FX101839657.aspx


Use Enterprise Deployment Tools for the 2007 Office System

http://technet.microsoft.com/enus/library/cc303382(office.12).aspx

Deployment

http://technet.microsoft.com/hi-in/library/cc178982(enus,office.12).aspx

Security and Protection for the 2007 Office Release

http://technet.microsoft.com/enus/library/cc179135(office.12).aspx

Operations for the 2007 Office Release

http://technet.microsoft.com/enus/library/cc179068(office.12).aspx

Get Started with Office 2007 development

http://msdn.microsoft.com/hi-in/office/aa905363(en-us).aspx

Build Composite Applications by Using Microsoft Office System

http://msdn.microsoft.com/en-us/architecture/bb220802.aspx

Office Download Center

http://www.microsoft.com/office/downloads/

Microsoft Office Outlook 2007, Microsoft Office Word 2007, Microsoft Office Excel 2007, and Microsoft
Office PowerPoint 2007
Microsoft Office Outlook Home Page

http://office.microsoft.com/en-us/training/up-to-speed-withoutlook-2007-RZ010115400.aspx

Microsoft Office Excel Home Page

http://office.microsoft.com/en-us/excel-help/up-to-speed-withexcel-2007-RZ010062103.aspx

Microsoft Office Word Home Page

http://office.microsoft.com/en-us/help/up-to-speed-with-word2007-RZ010066490.aspx

Microsoft Office PowerPoint Home Page

http://office.microsoft.com/en-us/training/up-to-speed-withpowerpoint-2007-RZ010068986.aspx

Microsoft Office Outlook Training

http://office.microsoft.com/en-us/training/outlook-2007training-courses-HA010218867.aspx

Microsoft Office Excel Training

http://office.microsoft.com/en-us/training/excel-2007-trainingcourses-HA010218987.aspx

Microsoft Office Word Training

http://office.microsoft.com/en-us/word-help/word-2007training-courses-HA010215566.aspx

Microsoft Office PowerPoint Training

http://office.microsoft.com/en-us/training/powerpoint-2007training-courses-HA010218498.aspx

Excel 2007 Development

http://msdn.microsoft.com/hi-in/office/aa905419(en-us).aspx

Outlook Developer Center

http://msdn.microsoft.com/enus/library/office/bb176810(v=office.12)

Word 2007 Development

http://msdn.microsoft.com/hi-in/office/aa905490(en-us).aspx

PowerPoint 2007 Development

http://msdn.microsoft.com/library/bb251391(v=office.12)

Microsoft Office 2010


Microsoft Office 2010 combines the tools people need to create, edit, and share documents from
virtually anywhere. It provides people at home or work with a comprehensive tool set to gather and
consolidate virtually any type of information, which they can easily share with others across
geographical or organizational boundaries to deliver better results faster.


General
Home Page

http://office.microsoft.com/en-us/products/

Discover and Explore Microsoft Office 2010

http://technet.microsoft.com/office/ee691942.aspx

Plan the Deployment

http://technet.microsoft.com/hi-in/library/cc179137(enus,office.14).aspx

Configure and Deploy

http://technet.microsoft.com/hi-in/library/cc178982(enus,office.14).aspx

Developer Center

http://msdn.microsoft.com/hi-in/office/ee513173(en-us).aspx

Maintain and Update

http://technet.microsoft.com/hi-in/library/cc179068(enus,office.14).aspx

Technical Reference

http://technet.microsoft.com/hi-in/library/cc179032(enus,office.14).aspx

Secure and Protect

http://technet.microsoft.com/hi-in/library/cc179135(enus,office.14).aspx

Microsoft Outlook 2010, Microsoft Word 2010, Microsoft Excel 2010, and Microsoft PowerPoint 2010
Microsoft Outlook Home Page

http://office.microsoft.com/en-us/outlook/

Microsoft Excel Home Page

http://office.microsoft.com/en-us/excel/

Microsoft Word Home Page

http://office.microsoft.com/en-us/word/

Microsoft PowerPoint Home Page

http://office.microsoft.com/en-us/powerpoint/

What's New in Office 2010?

http://office.microsoft.com/en-us/products/whats-new-inoffice-2010-FX102459418.aspx

Microsoft Office Outlook Help and How-To

http://office.microsoft.com/en-us/outlook-help/

Microsoft Office Excel Help and How-To

http://office.microsoft.com/en-us/excel/FX100646951033.aspx

Microsoft Office Word Help and How-To

http://office.microsoft.com/en-us/word/FX100649251033.aspx

Microsoft Office PowerPoint Help and How-To

http://office.microsoft.com/enus/powerpoint/FX100648951033.aspx

Excel 2010 Deployment

http://msdn.microsoft.com/en-us/office/ff963563.aspx

Word 2010 Deployment

http://msdn.microsoft.com/en-us/office/ff972307.aspx

PowerPoint 2010 Deployment

http://msdn.microsoft.com/en-us/office/gg502922.aspx

Office 2010 Training

http://office.microsoft.com/en-us/support/trainingFX101782702.aspx

Microsoft Office Visio 2007


Microsoft Office Visio 2007 can help organizations visualize, explore, and communicate complex
information, systems, and processes.


General
Beginners Guide

http://office.microsoft.com/en-us/visio-help/a-beginner-sguide-to-visio-2007-HA010214494.aspx

Visio 2007 Development

http://msdn.microsoft.com/hi-in/office/aa905480(en-us).aspx

Microsoft Visio 2010


Microsoft Visio 2010 provides advanced diagramming tools that help simplify complexity through
dynamic, data-driven visuals and more effective ways to share content on the web in real time.
General
Home Page

http://office.microsoft.com/en-us/visio/

Top 10 Reasons to Try Visio 2010

http://office.microsoft.com/en-us/visio/top-10-reasons-to-tryvisio-2010-HA101805356.aspx

Visio 2010 Resources

http://technet.microsoft.com/en-us/office/ee236295.aspx

Microsoft Office Project 2007


Microsoft Office Project 2007 provides robust project management tools that have the right blend of
usability, power, and flexibility to manage projects more efficiently and effectively. People can stay
informed and control project work, schedules, and finances; keep project teams aligned; and be more
productive through Office Project 2007 interoperability with familiar Microsoft Office system programs,
powerful reporting, guided planning, and flexible tools.
General
Developer Portal

http://msdn.microsoft.com/hi-in/office/aa905472(en-us).aspx

Project Demo

http://office.microsoft.com/enus/project/CH100740881033.aspx

Technical References

http://technet.microsoft.com/enus/library/cc303399(office.12).aspx

SDK Documentation

http://msdn.microsoft.com/enus/library/ms512767(v=office.12).aspx

Microsoft Project 2010


Microsoft Project 2010 offers flexibility and choice for individuals, teams, and the enterprise to
effectively manage all types of work, from simple tasks to complex projects and programs.
General
Home Page

http://www.microsoft.com/project/2010/en/us/default.aspx

Get Started

http://office.microsoft.com/en-us/support/getting-started-withoffice-2010-FX101822272.aspx

Developer Portal

http://msdn.microsoft.com/en-us/office/aa905469.aspx

SDK Documentation

http://msdn.microsoft.com/enus/library/ms512767(office.14).aspx


Forefront Endpoint Protection 2010


Forefront Endpoint Protection 2010 can help organizations simplify and improve protection of desktop
and server operating systems while greatly reducing infrastructure costs. It builds on System Center
Configuration Manager 2007 to enable organizations to use existing client management infrastructure
to deploy and maintain endpoint protection. This shared infrastructure helps reduce ownership costs
while improving visibility and control over endpoint management and security. Forefront Endpoint
Protection 2010 protects against known and unknown threats with endpoint inspection at the
application, file, and network layers.
General
Overview

http://technet.microsoft.com/en-us/library/ff823816.aspx

Technical Resources

http://www.microsoft.com/forefront/endpointprotection/en/us/technical-resources.aspx

Evaluation

http://technet.microsoft.com/en-us/evalcenter/ff182914.aspx

Download

http://www.microsoft.com/enus/download/details.aspx?id=7022

System Center 2012 Endpoint Protection


Microsoft System Center 2012 Endpoint Protection allows organizations to consolidate desktop
security and management in a single solution. It provides an antimalware and security solution for the
Microsoft platform. Built on System Center 2012 Configuration Manager, System Center 2012 Endpoint
Protection provides a comprehensive enterprise management solution that enables an organization to
centrally deploy endpoint protection to client systems, configure and manage policies and firewall
settings through role-based access, and automatically deploy updates. Microsoft System Center 2012
Endpoint Protection also sends out email notifications to IT when computers are affected by malware.
General
Home Page

http://www.microsoft.com/en-us/server-cloud/systemcenter/endpoint-protection-2012.aspx

Overview

http://technet.microsoft.com/en-us/library/hh508836.aspx

Planning for Endpoint Protection

http://technet.microsoft.com/library/hh508763.aspx

Configuring Endpoint Protection

http://technet.microsoft.com/library/hh508764.aspx

Operations and Maintenance for Endpoint Protection

http://technet.microsoft.com/library/hh508772.aspx

Windows 7
Windows 7 is the most advanced Windows operating system for business PCs, and is designed to meet
the evolving needs of the users and IT professionals, both in and out of the office. With exclusive
features and benefits, Windows 7 can lower total cost of ownership by helping users stay productive
virtually anywhere, enhancing security and control, and simplifying PC management across
organizations.
General
Home Page

http://www.microsoft.com/windows/windows-7/default.aspx

Get Started

http://technet.microsoft.com/hi-in/library/dd349335(enus,WS.10).aspx

Planning and Architecture

http://technet.microsoft.com/hi-in/library/dd799262(enus,WS.10).aspx

Deployment

http://technet.microsoft.com/hi-in/library/dd349337(enus,WS.10).aspx

Help and How-To

http://windows.microsoft.com/en-US/windows7/help

Windows 8
Windows 8 operating system is built on the foundation of Windows 7 and has improved security and
reliability features. Windows 8 is fast and it is made to work on a variety of form factors, especially the
new generation of touch devices. Windows 8 delivers experiences users want, offers new possibilities
for mobile productivity, and provides IT with a more secure, easy-to-manage infrastructure.
General
Home Page

http://windows.microsoft.com/en-US/windows/home

Get Started

http://windows.microsoft.com/en-US/windows-8/get-started

Planning and Architecture

http://technet.microsoft.com/en-us/windows/hh974335

Deployment

http://technet.microsoft.com/en-us/library/hh825230.aspx

FAQ

http://windows.microsoft.com/en-US/windows-8/faq

Offline Files
Offline Files makes network files available to a user, even if the network connection to the server is
unavailable or slow. When working online, file access performance is at the speed of the network and
server. When working offline, files are retrieved from the Offline Files folder at local access speeds.
General
Home Page

http://msdn.microsoft.com/library/cc296092.aspx

Offline Files Overview

http://technet.microsoft.com/en-us/library/hh848267.aspx

Deploy Offline Files

http://technet.microsoft.com/en-us/library/jj649074.aspx

Enable the Always Offline Mode to provide Faster Access to Files

http://technet.microsoft.com/en-us/library/hh968298.aspx

Disable Offline Files on Individual Redirected Folders

http://technet.microsoft.com/en-us/library/jj154097.aspx

CLOUD TECHNOLOGIES
This section contains links to the cloud technologies that Table 1 references.


Business Productivity Online Standard (BPOS) Suite


Business Productivity Online Standard (BPOS) Suite is a set of enterprise products delivered as a
subscription service, hosted by Microsoft and sold with partners. It is designed for companies who
have managed IT needs. The suite includes Exchange Online, Office SharePoint Online, Office
Communications Online, Forefront Online Protection for Exchange, and Office Live Meeting.
General
Home Page

http://www.microsoft.com/online/business-productivity.aspx

Transition to Office 365

http://www.microsoft.com/online/transition-center_before.aspx

Administration

http://www.microsoft.com/online/help/enus/helphowto/Administration.htm

Migration and Synchronization

http://www.microsoft.com/online/help/enus/helphowto/Migration-Synchronization.htm

Office 365
Office 365 is an online subscription service that provides email, shared calendars, the ability to create
and edit documents online, instant messaging, web conferencing, a public website for your business,
and internal team sites, all accessible from virtually anywhere from nearly any device.
General
Home Page

http://www.microsoft.com/en-us/office365/online-software.aspx

Get Started

http://technet.microsoft.com/en-US/office365

Deployment

http://technet.microsoft.com/en-us/library/hh852466.aspx

Development

http://technet.microsoft.com/en-us/library/hh852466.aspx

Microsoft SharePoint Online


Microsoft SharePoint Online gives businesses a highly secure, central location where employees can
more efficiently collaborate with team members, find organizational resources, manage content and
workflow, and gain business insight to make better-informed decisions. Employees can create and
manage custom, team-focused, and project-focused intranet sites to collaborate and share documents.
General
Home Page

http://www.microsoft.com/en-us/office365/sharepointonline.aspx#fbid=HvI_5fUsa4z

SharePoint Site Collections

http://www.microsoft.com/online/help/enus/helphowto/05a88822-3eab-4d97-91c1-e6244fd10c52.htm

Infrastructure Planning and Design Guides for Microsoft Online Services

http://technet.microsoft.com/hiin/solutionaccelerators/ee424804(en-us).aspx

Develop for Microsoft SharePoint 2010 Online

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/OSP210


Windows Azure Platform


Windows Azure platform offers a flexible, familiar environment for developers to create cloud
applications and services. With Windows Azure, organizations can shorten their time to market and
adapt as demand for their services grows.
General
Home Page

http://www.microsoft.com/windowsazure/

Quick Guide

http://msdn.microsoft.com/en-us/library/dd163896.aspx

Development

http://social.msdn.microsoft.com/Forums/enUS/windowsazuredevelopment/threads

Windows Azure
Windows Azure is an operating system in Microsoft Cloud Services that serves as the development,
service hosting, and service management environment for the Windows Azure platform. Windows
Azure provides developers with on-demand compute and storage to host, scale, and manage web
applications on the Internet through Microsoft data centers.
General
Home Page

http://www.microsoft.com/windowsazure/windowsazure/

Overview

http://msdn.microsoft.com/enus/library/windowsazure/dd163896.aspx

Get Started

http://www.windowsazure.com/en-us/develop/overview/

Plan and Design Applications

http://msdn.microsoft.com/enus/library/windowsazure/hh674495

System Components Integration


This section describes the integration points of Windows Azure with other system components.

Usage Scenarios
This section describes the usage scenarios as supported by Windows Azure in integration with other
system components.
Enabling services to navigate firewalls or network boundaries
Service Bus provides network infrastructure to help users connect applications over the Internet, using
a variety of different messaging patterns that cross firewalls and NAT devices without losing security.

AppFabric
Windows Azure platform AppFabric helps developers connect applications and services in the cloud or
on-premises. This capability includes applications that run on Windows Azure, Windows Server, and
other platforms including Java, Ruby, and PHP. AppFabric provides a service bus for connectivity across
network and organizational boundaries, and access control for federated authorization as a service.
General


Download

http://www.microsoft.com/enus/download/details.aspx?id=27421

Integration with Windows Azure AppFabric

http://social.technet.microsoft.com/wiki/contents/articles/7930.mscrm2011-integration-with-windows-azure-appfabric-part1.aspx

System Components Integration


This section describes the integration points of Windows Azure AppFabric with other system
components.

Usage Scenarios
Secure connectivity between loosely coupled services and applications over the Internet across firewall,
domain, and network boundaries
AppFabric helps users more easily connect on-premises applications with the cloud. AppFabric Access
Control and Service Bus provide core functionality related to secure application connectivity. AppFabric
Access Control Service simplifies the authentication and authorization processes in web applications
and services. AppFabric Service Bus helps users expose application or service functionality across a
variety of network-related constraints and establishes connectivity and flexible communication among
applications. The primary feature of the Service Bus is to relay messages from clients through the
Windows Azure cloud to software running on-premises, bypassing any firewalls, network address
translations (NATs), or other network obstacles that might be in the way. The Service Bus can also help
negotiate direct connections between applications.

Active Directory Access Control


Active Directory Access Control is a modern, REST-based service that provides identity management
and access control capabilities for your cloud applications. It provides a cloud-based identity provider
that easily integrates with an organization's on-premises AD deployments and provides full support of
third-party identity providers. Active Directory Access Control capabilities include a cloud-based store
for directory data and a core set of identity services including user logon processes, authentication,
and federation services.
General
Download

http://www.microsoft.com/enus/download/details.aspx?id=27421

Integration with Windows Azure AppFabric

http://social.technet.microsoft.com/wiki/contents/articles/7930.mscrm2011-integration-with-windows-azure-appfabric-part1.aspx

Microsoft SQL Azure


Microsoft SQL Azure Database is a cloud-based relational database service built on Microsoft SQL
Server technologies. It provides a highly available, scalable, multitenant database service hosted by
Microsoft in the cloud. SQL Azure Database helps simplify provisioning and deployment of multiple
databases.


General
Windows Azure SQL Database

http://msdn.microsoft.com/enus/library/windowsazure/ee336279.aspx

Data Management

http://www.windowsazure.com/en-us/home/features/datamanagement/

SQL Azure Data Sync

http://social.technet.microsoft.com/wiki/contents/articles/sqlazure-data-sync-overview.aspx

Migrate Databases to SQL Azure

http://msdn.microsoft.com/en-us/library/ee730904.aspx

Development

http://msdn.microsoft.com/en-us/library/ee336225.aspx

System Components Integration


This section describes the integration points of Windows Azure platform with other system
components.

Usage Scenarios
This section describes the usage scenarios as supported by the Windows Azure platform in integration
with other system components.
Highly available, scalable, multitenant storage service in the cloud

Interoperability with SQL Server 2008 R2 / 2012


Microsoft SQL Azure Database is a cloud-based, relational database service built on SQL Server
technologies. It provides a highly available, scalable, multitenant database service hosted by
Microsoft in the cloud. SQL Azure Database helps organizations provision and deploy multiple
databases, and helps developers avoid installing, setting up, patching, or managing any software.
It features high availability and fault tolerance, requires no physical administration, and supports
Transact-SQL (T-SQL). Developers can use existing knowledge in T-SQL development and a familiar
relational data model for symmetry with existing on-premises databases.

Relational data model in the cloud that provides connectivity with existing on-premises storage

Interoperability with SQL Server 2008 R2 / 2012


SQL Azure provides a familiar environment for database programmers. The objects that are
created in SQL Azure Database are the same as those in a SQL Server database. Both SQL Server
and SQL Azure Database use the Transact-SQL language for database creation and data
manipulation. Database developers and administrators can quickly become productive in SQL
Azure by using their existing expertise. Developers can use existing knowledge in T-SQL
development and a familiar relational data model for symmetry with existing on-premises
databases.

Self-managing capability to provision data services with built-in fault tolerance


SQL Azure Database offers the high availability and functionality of an enterprise data center without
the administrative costs associated with on-premises solutions. Administrators can provision necessary
data storage in minutes and quickly respond to changes in demand. This reduces the initial costs of
data services by helping organizations to provision only what they need with the ability to extend the
cloud-based data storage.


All information held in Windows Azure storage is replicated three times. These replications allow fault
tolerance, so organizations can lose one copy of the information without losing all copies. The system
provides strong consistency, helping to ensure that applications read the exact data they write.
Creation, prototyping, and deployment of applications that integrate data across the organization
SQL Azure offers a rich, relational programming model and uses a familiar data access protocol and
simple deployment options. SQL Azure removes infrastructure obstacles, giving developers more
freedom to innovate and experiment with new ways of sharing data.
The Windows Azure Platform provides a fully interoperable environment that supports industry
standards and web protocols, including REST, SOAP, and XML. To build applications and services on
Windows Azure, developers can use their existing Microsoft Visual Studio expertise. Organizations can
deploy Windows Azure applications by uploading their service packages and configuration files to the
hosting fabric.

Microsoft Online Backup Service


Microsoft Online Backup Service is a cloud-based backup service for Windows Server 2012 that IT
administrators in an organization can use to back up files and folders in the cloud in order to provide off-site
protection against data loss. It delivers business continuity benefits by providing a backup solution that
requires no initial hardware costs other than a broadband Internet connection. Microsoft Online
Backup Service can be used to schedule file and folder backups from on-premises servers to the cloud.
To transfer data between servers running Windows Server 2012 and Microsoft Online Backup Service
you can use the Microsoft Online Backup Service Agent or the Online Backup cmdlets for Windows
PowerShell.
General
Overview

http://technet.microsoft.com/en-us/library/hh831419

Manage

http://technet.microsoft.com/en-us/library/hh831590

Administer

http://technet.microsoft.com/en-us/library/hh831765.aspx

System Components Integration


This section describes the integration points of Microsoft Online Backup Service with other system
components.

Usage Scenarios
This section describes the usage scenarios supported by Microsoft Online Backup Service.
Highly available, scalable, multitenant storage service in the cloud
Microsoft Online Backup Service is a cloud-based backup solution which allows files and folders to be
backed up and recovered from the cloud, with a simple user interface to configure and monitor the
backups. Microsoft Online Backup Agent performs incremental backups by tracking file and block-level
changes and only transferring the changed blocks. It accepts and implements retention policies to
recycle backups that exceed the desired retention range.


DEVELOPMENT TOOLS
This section contains links to the development tools that Table 1 references.

Microsoft .NET Framework 4.0


The Microsoft .NET Framework is the Windows developer platform that connects information, people,
systems, and devices. The Microsoft .NET Framework provides the foundation for productively building
connected and appealing applications on a wide variety of systems from the device to the data center.
General
Home Page

http://www.microsoft.com/net/default.aspx

Microsoft .NET Framework 4

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17851

Visual Studio Team Foundation Server 2010


Microsoft Visual Studio Team Foundation Server 2010 is the collaboration platform at the core of
Microsoft's application life-cycle management solution that automates the software delivery process
and enables organizations to effectively manage software development projects throughout the IT life
cycle.
General
Home Page

http://www.microsoft.com/visualstudio/en-gb/products/2010editions/team-foundation-server

System Components Integration


This section describes the integration points of Visual Studio Team Foundation Server 2010 with other
system components.

Usage Scenarios
This section describes the usage scenarios as supported by Visual Studio Team Foundation Server 2010
in integration with other system components.
Creation, prototyping, and deployment of applications that integrate data across the organization
Team Foundation Server (TFS) is intended for collaborative software development projects. Users can
run, monitor, and manage builds using Team Foundation Build to compile code and run tests. Users
can also quickly prototype a new or modified interface.

Visual Studio 11 Team Foundation Server


Visual Studio 11 Team Foundation Server (TFS) is the collaboration platform at the core of Microsoft's
application life-cycle management (ALM) solution. TFS supports agile development practices, multiple
IDEs and platforms locally or in the cloud, and gives you the tools you need to effectively manage
software development projects throughout the IT life cycle.
General
Home Page

http://www.microsoft.com/visualstudio/eng/products/visualstudio-team-foundation-server-2012

System Components Integration


This section describes the integration points of Visual Studio 11 Team Foundation Server with other
system components.

Usage Scenarios
This section describes the usage scenarios as supported by Visual Studio 11 Team Foundation Server in
integration with other system components.
Creation, prototyping, and deployment of applications that integrate data across the organization
Team Foundation Server (TFS) is intended for collaborative software development projects. Users can
run, monitor, and manage builds using Team Foundation Build to compile code and run tests. Users
can also quickly prototype a new or modified interface.

Microsoft Visual Studio Team System 2008


Microsoft Visual Studio Team System 2008 Team Suite provides an integrated set of tools for
architecture, design, development, database development, and testing of applications. By using the
suite, information workers can collaborate more effectively and use a complete set of tools and
guidance at every step of the application life cycle.
General
Overview

http://www.microsoft.com/downloads/details.aspx?FamilyId=D95598D7-AA6E-4F24-82E3-81570C5384CB&displaylang=en

Testing Tools

http://msdn.microsoft.com/enus/library/ms243146(v=VS.90).aspx

Development Edition

http://msdn.microsoft.com/enus/library/47f7hz7y(v=VS.90).aspx

Architecture Edition

http://msdn.microsoft.com/enus/library/57b85fsc(v=VS.90).aspx

Installer

http://www.microsoft.com/downloads/details.aspx?familyid=FBEE1648-7106-44A7-9649-6D9F6D58056E&displaylang=en

System Components Integration


This section describes the integration points of Visual Studio Team System 2008 with other system
components.

Usage Scenarios
This section describes the usage scenarios supported by Visual Studio Team System 2008.
Creation, prototyping, and deployment of applications that integrate data across the organization

Interoperability with SQL Server 2008 R2


Visual Studio offers database design and development tools in an integrated development
environment, helping developers to visually design data relationships, filter SQL statements, edit
SQL code, and run database queries in the development environment itself.


Microsoft Visual Studio Team System 2010


Microsoft Visual Studio Team System 2010 is a platform for productive, integrated, and extensible
software development life-cycle tools. With Visual Studio Team System 2010, organizations can
develop custom websites to provide employee training and help software teams improve
communication and collaboration throughout the software development process.
General
Home Page

http://www.microsoft.com/visualstudio/eng/products/visualstudio-2010-express

Overview

http://msdn.microsoft.com/enus/library/dd831853(v=vs.100).aspx

Install and Maintain

http://msdn.microsoft.com/en-us/library/e2h7fzkw(VS.100).aspx

Get Started

http://msdn.microsoft.com/enus/library/ms165079(VS.100).aspx

System Components Integration


This section describes the integration points of Visual Studio Team System 2010 with other system
components.

Usage Scenarios
This section describes the usage scenarios supported by Visual Studio Team System 2010.
Creation, prototyping, and deployment of applications that integrate data across the organization

Interoperability with SQL Server 2012


Visual Studio offers database design and development tools in an integrated development
environment, helping developers to visually design data relationships, filter SQL statements, edit
SQL code, and run database queries in the development environment itself.

Visual Studio 11
Visual Studio 11 is the comprehensive and integrated application development and management
solution for organizations developing and operating highly scalable software applications and services.
It enables developers to create multi-tier applications across the web, cloud, and devices including
capabilities of Windows 8, the web, SharePoint, mobile, cloud development, and application
management lifecycle tools to help software teams improve communication and collaboration
throughout the software development process.
General
Home Page

http://www.microsoft.com/visualstudio/eng/products/visualstudio-overview

Development Center

http://msdn.microsoft.com/enus/library/windows/apps/br211384.aspx

Resources

http://msdn.microsoft.com/en-us/library/dd831853.aspx


System Components Integration


This section describes the integration points of Visual Studio 11 with other system components.

Usage Scenarios
This section describes the usage scenarios supported by Visual Studio 11.
Creation, prototyping, and deployment of applications that integrate data across the organization

Interoperability with SQL Server 2012


Visual Studio offers database design and development tools in an integrated development
environment, helping developers to visually design data relationships, filter SQL statements, edit
SQL code, and run database queries in the development environment itself.

Windows Communication Foundation (WCF) Services


Windows Communication Foundation (WCF) is Microsoft's next-generation programming platform and
runtime system for building, configuring, and deploying network-distributed services. It provides a
unified framework for creating more secure, reliable, transacted, and interoperable service-oriented
applications. Organizations use WCF Services to send data as asynchronous messages, as simple as a
single character or word sent as XML, or as complex as a stream of binary data, from one service
endpoint to another.
General
Overview

http://msdn.microsoft.com/en-us/library/bb907578.aspx

Building WCF Services

http://msdn.microsoft.com/en-us/library/aa480190.aspx

Resources

http://msdn.microsoft.com/en-us/library/dd456779.aspx

TOOLS
This section contains links to the tools that Table 1 references.

Microsoft Assessment and Planning Toolkit 6.0/6.5


The Microsoft Assessment and Planning (MAP) Toolkit is an agent-less inventory, reporting, and multiproduct planning and assessment tool that helps organizations more securely assess IT environments
or infrastructure for various platform migrations and determine the right Microsoft technologies that IT
needs. Organizations use this solution to accelerate their IT infrastructure planning process, and gather
more detail on assets that reside within their current environment. It also provides private and public
cloud planning assessments and server utilization data for Hyper-V server virtualization planning,
including ROI analysis for server consolidation with Hyper-V.
General
Overview

http://technet.microsoft.com/en-us/library/bb977556.aspx

Resources

http://technet.microsoft.com/enus/solutionaccelerators/dd537566.aspx

Getting Started

http://go.microsoft.com/fwlink/?LinkId=158130

Download

http://www.microsoft.com/enus/download/details.aspx?id=7826


Microsoft Security Assessment Tool


The Microsoft Security Assessment Tool can help organizations assess weaknesses in their current IT
security environments, reveal a prioritized list of potential problems, and help specify how to minimize
security risks.
General
Overview

http://technet.microsoft.com/en-us/security/cc185712.aspx

Download Center

http://www.microsoft.com/downloads/details.aspx?FamilyId=CD057D9D-86B9-4E35-9733-7ACB0B2A3CA1&displaylang=en

Microsoft Software Inventory Analyzer 5.0/5.1


Microsoft Software Inventory Analyzer 5.0/5.1 can help organizations use software inventory as a
starting point for working with software asset management. Organizations can use Microsoft Software
Inventory Analyzer 5.0/5.1 to scan and inventory the Microsoft software installed on a single computer
or on multiple computers throughout a network. Microsoft Software Inventory Analyzer 5.0/5.1
generates a report that provides details about all installed Microsoft products, including the type and
the number of licenses.
General
Overview

http://www.microsoft.com/en/gb/sam/msia.aspx

Download Center

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c25884f2-9ab6-419f-a22f-d39225eac339

Microsoft Deployment Toolkit 2010


Microsoft Deployment Toolkit 2010 provides a common console with the comprehensive tools and
guidance needed to efficiently manage deployment of Windows 7 and Windows Server 2008 R2.
Microsoft Deployment Toolkit 2010 is the recommended process and tool set to automate desktop
and server deployment, and it provides detailed guidance and job aids for every organizational role
involved with large-scale deployment projects.
General
Overview

http://technet.microsoft.com/enus/solutionaccelerators/dd407791.aspx

Microsoft Deployment Toolkit - Next Generation

http://download.microsoft.com/download/F/3/3/F33D91DFD6E3-442A-9E205A39C82111FD/ITPro_Client_Infrastructure/MS_Deployment_Toolkit_Ramalinga.pdf

Microsoft Deployment Toolkit 2012


Microsoft Deployment Toolkit 2012 provides a common console with comprehensive tools and
guidance to automate large-scale Windows and Office deployments, making it a recommended
process and toolset. It supports deployment capabilities for the latest software releases, including
Windows 8, Windows Server 2012, Windows 7, Office 365, Office 2010, and Windows Server 2008 R2.
Microsoft Deployment Toolkit 2012 provides unified tools along with improved security and ongoing
configuration management.


General
Product Overview

http://technet.microsoft.com/en-us/solutionaccelerators/dd407791.aspx

What's New

http://download.microsoft.com/download/b/3/a/b3a89fae-f7bf-4e7c-b208-223b991e9c30/Whats%20New%20in%20MDT%20Guide.docx

Microsoft Deployment Toolkit Resources

http://technet.microsoft.com/en-us/library/ee376932.aspx

Windows Automated Installation Kit


Windows Automated Installation Kit helps original equipment manufacturers, system builders, and
corporate IT professionals deploy Windows onto new hardware. The Windows Automated Installation
Kit is a set of deployment tools that supports the latest release of Windows.
General
Overview

http://technet.microsoft.com/en-us/library/cc748933(WS.10).aspx

User's Guide

http://technet.microsoft.com/en-us/library/cc749528(WS.10).aspx

Deployment Tools Technical Reference

http://technet.microsoft.com/en-us/library/cc766376(WS.10).aspx

Security Compliance Management Toolkit


Microsoft Security Compliance Management Toolkit centralizes security baseline management features
and provides a baseline portfolio, customization capabilities, and security baseline export flexibility to
help organizations efficiently manage the security and compliance process for the most widely used
Microsoft technologies.
General
Overview

http://technet.microsoft.com/en-us/library/cc514539.aspx

Download Center

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16776

Microsoft Security Compliance Manager


Microsoft Security Compliance Manager (SCM) enables IT admins to quickly configure and manage
computers, traditional datacenters, and private clouds by using Group Policy and Microsoft System Center
Configuration Manager. SCM provides ready-to-deploy policies and DCM configuration packs that are
tested and fully supported. These baselines are based on Microsoft Security Guide recommendations
and industry best practices, allowing IT admins to manage configuration drift, address compliance
requirements, and reduce security threats.
General
Homepage

http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx

Download

http://www.microsoft.com/en-us/download/details.aspx?id=16776

What's New

http://technet.microsoft.com/en-us/library/cc677002.aspx

Compliance Management Libraries/2.0


IT Compliance Management Libraries provide prescriptive guidance that helps IT professionals to
configure Microsoft products to address specific IT governance, risk, and compliance (GRC)
requirements. The Compliance Management Libraries are available for Windows Server 2008, Windows
Server 2008 R2, Windows 7, and Microsoft System Center. These libraries help to bridge the knowledge
gap for IT pros by translating auditor expectations into real IT tasks through the use of control activities
that are specific to a particular technology or platform.
General
Download Center

http://www.microsoft.com/en-gb/download/details.aspx?id=18416

Data Classification Toolkit


The Data Classification Toolkit provides support for configuring data compliance on file servers running
Windows Servers to help automate the file classification process and make file management more
efficient in the organization. The toolkit allows provisioning and standardizes central access policy
across a forest and applies default access policies on the file servers. The toolkit also provides tools to
provision user and device claim values based on Active Directory Domain Services (AD DS) resources,
which helps simplify configuring Dynamic Access Control in Windows Server 2012.
General
Overview

http://technet.microsoft.com/en-us/library/hh204743.aspx

Download Center

http://www.microsoft.com/en-us/download/details.aspx?id=27123

Important information about the Data Classification Toolkit

http://technet.microsoft.com/en-us/library/hh367453.aspx

IT Governance, Risk, and Compliance Process Management Pack /2.0


The Microsoft IT GRC Process Management Pack for System Center Service Manager provides
end-to-end compliance management and automation for desktop and data center computers. Deeply
integrated with Microsoft System Center Service Manager, the IT GRC Process Management pack
translates complex regulations and standards into authoritative control objectives and control activities
for the IT organization's compliance program.
General
Overview

http://technet.microsoft.com/en-us/library/gg176679.aspx

Download Center

http://www.microsoft.com/en-us/download/details.aspx?id=4953

System Center Process Pack for IT GRC

http://technet.microsoft.com/en-us/library/dd206732.aspx


BizTalk ESB Toolkit


BizTalk ESB Toolkit is a collection of tools and libraries that extend BizTalk Server 2010 capabilities of
supporting a loosely coupled and dynamic messaging architecture. It functions as middleware that
provides tools for rapid mediation between services and their consumers. It also provides key building
blocks such as endpoint run-time discovery and virtualization, loosely coupled service composition,
dynamic message transformation and translation, and dynamic routing.
General
Overview

http://msdn.microsoft.com/en-us/library/ff699598.aspx

Installation

http://msdn.microsoft.com/en-us/library/ee384248(v=bts.10).aspx

BizTalk ESB Toolkit Core Components

http://www.microsoft.com/en-us/download/details.aspx?id=14293


Phase 2
This section provides the definition, Optimization mapping, technology mapping, logical architecture,
illustrative physical architecture, system components, and references to plan, develop, and deploy
Phase 2.

Envision the Solution


This section provides the definition for Phase 2 and other useful information, such as starting points, to
help you envision your solution's definition, Optimization mapping, and technology mapping.

Definition
Phase 2 is a robust, enterprise-class deployment that addresses the following goals:

Covers the functionality in your envisioned solution.

Helps you to see all of the capabilities for your envisioned solution.

The conceptual architecture diagram in Figure 9 represents the collective set of business capabilities that
Phase 2 includes.
Figure 9 Conceptual architecture diagram for Phase 2


This section describes the integrated capabilities of the Phase 2 solution. Organizations can use this
section to better understand which integrated capabilities they need to customize for the solution to
meet specific business needs.
Organizations that require a Phase 2 solution for Windows Azure need to support business growth and
improve economic feasibility by reducing their operational and maintenance costs. They need to
enable their IT resources to concentrate on innovation and bring their ideas to market faster.
Organizations can provide on-demand computing and storage to host, scale, and manage web
applications on the Internet and in service hosting and service management environments.
Organizations can better bridge the gap between on-premises and off-premises applications and
reduce costs to purchase and manage additional servers and storage on-site by creating new
applications in the cloud that support bidirectional data synchronization between cloud applications
and on-premises data storage. Organizations can consume disparate data sets, imagery, and content in
real time under a unified provisioning and billing framework. Organizations can provide more secure
connectivity between loosely coupled services and applications over the Internet across firewall,
domain, and network boundaries. They can better protect their applications from intrusions by flexibly
configuring users on different identity-management infrastructures.

Optimization Mapping
Figure 10 shows the Optimization mapping for Phase 2.
Figure 10 Optimization mapping for Phase 2


Technology Mapping
Phase 2 requires the following Microsoft technologies:

Client Technologies
Office 2007 / 2010

Office Outlook 2007 / Outlook 2010, Office Word 2007 / Word 2010, Office Excel 2007 / Excel
2010, Office PowerPoint 2007 / PowerPoint 2010

Office Visio 2007 / Visio 2010

Microsoft Office Project 2007 / Project 2010

Forefront Endpoint Protection 2010 / System Center 2012 Endpoint Protection

Windows 7 / 8

Server Technologies
Microsoft Office SharePoint Server 2007 / Microsoft SharePoint Server 2010

SQL Server 2008 R2 / 2012

Microsoft Server Security

Microsoft Forefront Security for SharePoint / Microsoft Forefront Protection 2010 for
SharePoint

Internet Security and Acceleration Server 2006 / Forefront Threat Management Gateway 2010

Intelligent Application Gateway 2007 / Forefront Unified Access Gateway 2010


Forefront Identity Manager 2010 / 2010 R2

Windows Server 2008 R2 / 2012

Microsoft System Center

System Center Operations Manager 2007 R2 / System Center 2012 Operations Manager

System Center Data Protection Manager 2010 / System Center 2012 Data Protection Manager

System Center Configuration Manager 2007 R3 / System Center 2012 Configuration Manager

System Center Virtual Machine Manager 2008 R2 / System Center 2012 Virtual Machine
Manager

Microsoft System Center Virtual Machine Manager Self Service Portal 2.0

Microsoft System Center Service Manager 2010 / Microsoft System Center 2012 Service
Manager

Opalis / Microsoft System Center 2012 Orchestrator

Microsoft System Center 2012 App Controller

Windows Storage Server 2008 / 2008 R2

Windows Server AppFabric

Hyper-V Server 2008 / 2008 R2

BizTalk Server 2009 / 2010

Cloud Technologies
Business Productivity Online Services / Office 365

SharePoint Online

Windows Azure platform

Windows Azure

Windows Azure AppFabric

Microsoft SQL Azure

Online Backup Service

Development Tools
.NET Framework

Visual Studio 2010 Team Foundation Server / Visual Studio 11 Team Foundation Server

Visual Studio Team System 2008 / 2010 / 11

Windows Communications Foundation (WCF) Services

Tools
Assessment and Planning Toolkit 6.0 / 6.5

Security Assessment Tool

Software Inventory Analyzer 5.0 / 5.1

Deployment Toolkit 2010 / 2012

Windows Automated Installation Kit

Security Compliance Management Toolkit

Compliance Management Libraries 2.0

Windows SDK


Data Classification Toolkit

IT Governance, Risk and Compliance Process Management Pack 2.0

BizTalk ESB Toolkit

Architect the Solution


This section provides the logical architecture, illustrative physical architecture, and list of required
system components for Phase 2, which is a useful starting point to help you design your solution.

Logical Architecture
Figure 11 is the logical architecture diagram that shows the infrastructure for Phase 2 and its
functionalities. This diagram provides a high-level overview of the requirements to implement Phase 2.
This diagram is a starting point; you should customize it to meet the specific needs of your
organization.
Figure 11 Logical architecture diagram of Phase 2


Illustrative Physical Architecture


Figure 12 is an illustrative physical architecture diagram for Phase 2. A physical architecture diagram
shifts from describing technologies as capabilities and roles to describing physical systems. As with all
sample diagrams, you should customize this diagram to meet the specific needs of your organization.
For more information about customizing this diagram (including the required software product
editions), see Plan Development and Deployment of the Solution in Phase 2.
Figure 12 Physical architecture for Phase 2

System Components
This section lists the system components that Phase 2 requires. The system components consist of
product components that are grouped by product families. Table 2 lists the product components that
each solution capability in Phase 2 needs. You can use this table to better understand which product
components you need to meet the specific solution capability requirements for your customized
solution.
The legend for the table is as follows:
X Product must be included to enable the solution capability.

Product is recommended to better enable the solution capability.

Table 2 System components for Phase 2

Solution capabilities (table columns):

On-demand compute and storage on the Internet
Cloud-based development, service hosting, and service management environment
Bidirectional data synchronization between on-premises and cloud storage
Interoperable bidirectional communication through composite applications, custom web applications, and packaged LOB applications
Unified provisioning and billing framework
Ability to publish and subscribe for multicasting
Creation, prototyping, and deployment of applications that integrate data across the organization
Secure connectivity between loosely coupled services and applications over the Internet across firewall, domain, and network boundaries
Enabling services to navigate firewalls or network boundaries

Product family / Product component (table rows):

CLIENT TECHNOLOGIES
Office 2007 / 2010
Office Outlook 2007 / Outlook 2010, Office Word 2007 / Word 2010, Office Excel 2007 / Excel 2010, Office PowerPoint 2007 / PowerPoint 2010
Office Visio 2007 / Visio 2010
Office Project 2007 / Project 2010
Forefront Endpoint Protection 2010 / System Center 2012 Endpoint Protection
Windows 7
Windows 8
Offline Files
DirectAccess

SERVER TECHNOLOGIES
Office SharePoint Server 2007 / SharePoint Server 2010*
Sites and Portals
Single Sign-On Service / Secure Store Service*
SQL Server 2008 R2 / 2012
Database Engine
Server Security
Forefront Security for SharePoint / Forefront Protection 2010 for SharePoint
Internet Security and Acceleration Server 2006 / Forefront Threat Management Gateway 2010

Firewall
Intelligent Application Gateway 2007 / Forefront Unified Access Gateway 2010
Forefront Identity Manager 2010 / 2010 R2
Windows Server 2008 R2 / 2012*
Active Directory Domain Services
Active Directory Federation Services
Active Directory Certificate Services
Active Directory Lightweight Directory Services
Internet Information Services (IIS) 7/8
Hyper-V
Network Policy and Access Services
Group Policy
Windows Deployment Services
Windows Firewall with Advanced Security
DirectAccess
Storage Spaces*
System Center
System Center Operations Manager 2007 R2 / System Center 2012 Operations Manager
System Center Data Protection Manager 2010 / System Center 2012 Data Protection Manager

System Center Configuration Manager 2007 R3 / System Center 2012 Configuration Manager
System Center Virtual Machine Manager 2008 R2 / System Center 2012 Virtual Machine Manager
System Center Virtual Machine Manager Self Service Portal 2.0
System Center Service Manager 2010 / System Center 2012 Service Manager
Opalis / System Center 2012 Orchestrator
System Center 2012 App Controller
Windows Storage Server 2008 / 2008 R2
Windows Server AppFabric
Hyper-V Server 2008 / 2008 R2
BizTalk Server 2009 / 2010

CLOUD TECHNOLOGIES
BPOS / Office 365*
SharePoint Online
Windows Azure platform
Windows Azure
Windows Azure AppFabric
Active Directory Access Control
SQL Azure
Online Backup Service

DEVELOPMENT TOOLS
.NET Framework
Visual Studio 2010 Team Foundation Server / Visual Studio 11 Team Foundation Server
Visual Studio Team System 2008 / 2010 / 11
Windows Communications Foundation (WCF) Services

TOOLS, ADD-INS, LIBRARIES, AND FRAMEWORKS
Assessment and Planning Toolkit 6.0 / 6.5
Security Assessment Tool
Software Inventory Analyzer 5.0 / 5.1
Deployment Toolkit 2010 / 2012
Windows Automated Installation Kit
Security Compliance Management Toolkit
Security Compliance Manager 2.x
Compliance Management Libraries 2.0
Windows SDK
Data Classification Toolkit
IT Governance, Risk and Compliance Process Management Pack 2.0
BizTalk ESB Toolkit


Plan Development and Deployment of the Solution


This section provides references to help you plan to develop and deploy the server product
components that are relevant to Phase 2.

SERVER TECHNOLOGIES
This section contains links to the server technologies that Table 2 references.

Microsoft Office SharePoint Server 2007


Microsoft Office SharePoint Server 2007 is an integrated suite of server capabilities that can help
improve organizational effectiveness by providing comprehensive content management and enterprise
search, accelerating shared business processes, and facilitating information sharing across boundaries
for better business insight. Office SharePoint Server 2007 supports all intranet, extranet, and web
applications across an organization within one integrated platform, instead of relying on separate
fragmented systems. Additionally, this collaboration and content management server provides IT
professionals and developers with the platform and tools they need for server administration,
application extensibility, and interoperability.
General
Overview

http://sharepoint.microsoft.com/en-us/product/2007/Pages/default.aspx

Planning and Architecture for Office SharePoint Server 2007

http://technet.microsoft.com/en-us/library/cc261834(office.12).aspx

Deployment for Office SharePoint Server 2007

http://technet.microsoft.com/en-us/library/cc262957(office.12).aspx

Plan Overall Design

http://technet.microsoft.com/en-us/library/cc262612%28v=office.12%29.aspx

Support

http://office.microsoft.com/en-us/sharepoint-server-help/

Portals
The versatile technology in Office SharePoint Server 2007 Portal Services provides the infrastructure for
collaborating and the foundation for building portal sites.
General
Create a Portal Site in Office SharePoint Server 2007

http://office.microsoft.com/en-us/sharepoint-portal-serverit/creating-a-portal-site-HA001160366.aspx?CTT=1

Plan Site Creation and Maintenance (Office SharePoint Server 2007)

http://technet.microsoft.com/en-us/library/cc263483(office.12).aspx

Design Server Farms and Topologies (Office SharePoint Server 2007)

http://technet.microsoft.com/en-us/library/cc263157(office.12).aspx

Plan and Design Security (Office SharePoint Server 2007)

http://technet.microsoft.com/en-us/library/cc262331%28v=office.12%29.aspx

Configure and Deploy Anonymous Publishing Sites for SharePoint Server 2007

http://msdn.microsoft.com/en-us/library/dd638968(office.12).aspx


System Components Integration


This section describes the integration points of Office SharePoint Server 2007 with other system
components.

Associated System Components


This section describes the dependencies and recommendations for Office SharePoint Server 2007 and
highlights capabilities as enabled directly or when integrated with another system component.

Interoperability with SQL Server 2008 R2


SQL Server 2008 R2 is a relational database that stores all content, data, and configuration
information used by Office SharePoint Server 2007.

Interoperability with Forefront Security for SharePoint


Forefront Security for SharePoint can help protect Office SharePoint Server 2007 from malicious
software and inappropriate content.

Interoperability with Visual Studio Team System 2008


Developers can use Visual Studio Team System 2008 to create document-handling processes, help
users collaborate through portals and workspaces, and connect users to information in enterprise
business systems.

Interoperability with BizTalk Server 2009


BizTalk Server 2009 enables Business Activity Monitoring (BAM). The BAM Portal is a web
application that enables transactional data from within the business processes to be fully exposed
with the SharePoint Portal Server. BAM provides a web service interface to expose the query of
aggregate and instance data, creation of alerts, and retrieval of BAM configurations.

Interoperability with Core and Management Services


Office SharePoint Server 2007 uses the following technologies and services:

Windows Server 2008 R2


Windows Server provides an installation and deployment platform, granular services, and
other essential components and technologies.
Active Directory Domain Services can help administrators manage user identities and
relationships.
Active Directory Federation Services provides web single sign-on (SSO) technologies to
authenticate a user to multiple web applications over the life of a single online session.
Active Directory Federation Services accomplishes this by securely sharing digital identity
and entitlement across security and enterprise boundaries.
Active Directory Certificate Services provides customizable services for creating and
managing public key certificates used in software security systems employing public key
technologies. AD CS can be used to enhance security by binding the identity of a person,
device, or service to a corresponding private key. AD CS enables organizations to manage
certificate enrollment and revocation in a variety of scalable environments.
The Active Directory Lightweight Directory Services server role is a Lightweight Directory
Access Protocol (LDAP) directory service that provides data storage and retrieval for
directory-enabled applications, without the dependencies that are required for Active
Directory Domain Services.


Network Policy and Access Services (NPAS) provides technologies that allow deployment
of virtual private networking (VPN), dial-up networking, and 802.11-protected wireless
access. With NPAS, organizations can define and enforce policies for network access
authentication, authorization, and client health.
Group Policy provides an infrastructure for centralized configuration management of the
operating system and applications that run on the operating system.
Internet Information Services (IIS) 7.0 is a powerful web server that provides a highly
reliable, manageable, and scalable web application infrastructure.
The Hyper-V virtualization platform can be used to create and manage a virtualized server
computing environment.
Windows Deployment Services can help administrators remotely deploy Windows
operating systems.
Windows Firewall with Advanced Security helps protect computers on a network through
a stateful firewall that enables administrators to determine what network traffic to permit
to pass between a computer and the network. It also includes connection security rules
that use Internet Protocol security (IPsec) to help protect traffic as it travels across the
network.

Internet Security and Acceleration Server 2006 protects the IT environment from Internet-based
threats and provides users with faster and more secure remote access to applications
and data.

Intelligent Application Gateway 2007 provides a secure-socket-layer virtual private network, a
web application firewall, and endpoint security management that enable access control,
authorization, and content inspection for a wide variety of applications.

Windows Storage Server 2008 enables high-availability scenarios by providing backup and
replication of stored data.

Microsoft Hyper-V Server 2008 provides a reliable and optimized virtualization solution that
helps organizations improve server use and reduce costs through a small footprint and
minimal overhead.

The System Center family helps organizations by providing IT with self-managing and monitoring
of dynamic systems. The System Center family provides:
A comprehensive view of the health of the IT environment.
Optimized disk-based backup and recovery, more consistent data protection, and features
to increase the IT organization's operational efficiencies.
A secure and scalable operating system, application deployment, and configuration
management.
Unified management of physical and virtual machines, consolidation of underutilized
physical servers, and rapid provisioning of new virtual machines.
The ability to dynamically pool, allocate, and manage data center resources and enable
self-service provisioning of virtual machines.
A flexible platform for automating and adapting IT Service Management best practices to
the organization's requirements.


Automated incident response, change and compliance, and service life-cycle management
processes.
Simplified configuration, deployment, and management of virtual machines and services
across private and public clouds.

Microsoft SharePoint 2010


Microsoft SharePoint 2010 is the business collaboration platform that helps organizations connect and
empower people through formal and informal business communities, and manage content throughout
the information life cycle. Whether SharePoint 2010 is deployed on the premises or as a hosted service,
the integrated capabilities are enhanced by search technologies and can help organizations make
data-driven decisions and deploy customized solutions to quickly respond to changing business needs.
The consolidation of collaboration solutions onto SharePoint 2010 can help organizations reduce costs
by lowering training and maintenance expenses and increasing IT productivity, all within a governable
and compliant platform.
General
Home Page

http://sharepoint.microsoft.com/Pages/Default.aspx

Get Started

http://technet.microsoft.com/hi-in/library/cc262868(en-us,office.14).aspx

Planning and Architecture

http://technet.microsoft.com/hi-in/library/cc261834(en-us,office.14).aspx

Deployment

http://technet.microsoft.com/hi-in/library/cc262957(en-us,office.14).aspx

Hardware and Software Requirements

http://technet.microsoft.com/hi-in/library/cc262485(en-us,office.14).aspx

Development

http://technet.microsoft.com/hi-in/library/cc262356(en-us,office.14).aspx

Operations

http://technet.microsoft.com/hi-in/library/cc262289(en-us,office.14).aspx

SharePoint Sites
SharePoint Sites provides portal and collaboration capabilities across intranet, extranet, and Internet
sites. SharePoint 2010 brings users together to share information, data, and expertise across
organizations. It offers great usability, personalized experiences, and a single infrastructure that
enables organizations to save time and money.
General
Overview

http://sharepoint.microsoft.com/en-us/product/capabilities/sites/Pages/default.aspx

Sites and Site Collections Overview

http://technet.microsoft.com/en-us/library/cc262410(office.14).aspx

Plan Sites and Site Collections

http://technet.microsoft.com/en-us/library/cc263267(office.14).aspx


System Components Integration


This section describes the integration points of SharePoint 2010 with other system components.

Associated System Components


This section describes the dependencies and recommendations for SharePoint 2010 and highlights
capabilities as enabled directly or when integrated with another system component.

Interoperability with SQL Server 2012


SQL Server 2012 is the relational database used to store all content, data, and configuration
information used by SharePoint 2010.

Interoperability with Forefront Protection 2010 for SharePoint


Forefront Protection 2010 for SharePoint is recommended to help protect SharePoint 2010 from
malware and inappropriate content.

Interoperability with Visual Studio Team System 2010/Visual Studio 11


Developers can use Visual Studio Team System 2010/Visual Studio 11 to create document-handling
processes, help users collaborate through portals and workspaces, and connect users to
information in enterprise business systems.

Interoperability with BizTalk Server 2010


BizTalk Server 2010 enables Business Activity Monitoring (BAM). The BAM Portal is a web
application that enables transactional data from within the business processes to be fully exposed
with the SharePoint Portal Server. BAM provides a web service interface to expose the query of
aggregate and instance data, creation of alerts, and retrieval of BAM configurations.

Interoperability with Core and Management Services


SharePoint 2010 uses the technologies and services provided by:

Windows Server 2012


Windows Server provides an installation and deployment platform, granular services, and
other essential components and technologies.
Active Directory Domain Services can help administrators manage user identities and
relationships.
Active Directory Federation Services provides web single sign-on (SSO) technologies to
authenticate a user to multiple web applications over the life of a single online session.
Active Directory Federation Services accomplishes this by securely sharing digital identity
and entitlement across security and enterprise boundaries.
Active Directory Certificate Services provides customizable services for creating and
managing public key certificates used in software security systems employing public key
technologies. AD CS can be used to enhance security by binding the identity of a person,
device, or service to a corresponding private key. AD CS enables organizations to manage
certificate enrollment and revocation in a variety of scalable environments.
The Active Directory Lightweight Directory Services server role is a Lightweight Directory
Access Protocol (LDAP) directory service that provides data storage and retrieval for
directory-enabled applications, without the dependencies that are required for Active
Directory Domain Services.

Network Policy and Access Services (NPAS) provides technologies that allow deployment
of virtual private networking (VPN), dial-up networking, and 802.11-protected wireless
access. With NPAS, organizations can define and enforce policies for network access
authentication, authorization, and client health.
Group Policy provides an infrastructure for centralized configuration management of the
operating system and applications that run on the operating system.
Internet Information Services (IIS) 8.0 is a powerful web server that provides a highly
reliable, manageable, and scalable web application infrastructure.
The Hyper-V virtualization platform can be used to create and manage a virtualized server
computing environment.
Windows Deployment Services can help administrators remotely deploy Windows
operating systems.
Windows Firewall with Advanced Security helps protect computers on a network through
a stateful firewall that enables administrators to determine what network traffic to permit
to pass between a computer and the network. It also includes connection security rules
that use Internet Protocol security (IPsec) to help protect traffic as it travels across the
network.
Storage Spaces enables virtualized storage capabilities by grouping industry-standard
disks into storage pools, and then creating virtual disks called storage spaces from the
available capacity in the storage pools.

Forefront Threat Management Gateway 2010 protects the IT environment from Internet-based
threats and provides users with faster and more secure remote access to applications and
data.

Forefront Unified Access Gateway 2010 provides a secure-socket-layer virtual private network,
a web application firewall, and endpoint security management that enable access control,
authorization, and content inspection for a wide variety of applications.

Windows Storage Server 2008 R2 enables high-availability scenarios by providing backup and
replication of stored data.

Microsoft Hyper-V Server 2008 R2 provides a reliable and optimized virtualization solution
that helps organizations improve server use and reduce costs through a small footprint and
minimal overhead.

The System Center family helps organizations by providing IT with the ability to self-manage
and monitor dynamic systems. The System Center family provides:
A comprehensive view of the health of the IT environment.
Optimized disk-based backup and recovery, more consistent data protection, and features
to increase the IT organization's operational efficiencies.
A secure and scalable operating system, application deployment, and configuration
management.
Unified management of physical and virtual machines, consolidation of underutilized
physical servers, and rapid provisioning of new virtual machines.
The ability to dynamically pool, allocate, and manage data center resources and enable
self-service provisioning of virtual machines.

A flexible platform for automating and adapting IT Service Management best practices to
the organization's requirements.
Automated incident response, change and compliance, and service life-cycle management
processes.
Simplified configuration, deployment, and management of virtual machines and services
across private and public clouds.

Microsoft SQL Server 2008 R2


For more information about general use, and Database Engine, see the Plan Development and
Deployment of the Solution section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of SQL Server 2008 R2 with other
system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by SQL Server 2008
R2 in integration with other system components.
Bidirectional data synchronization between on-premises and cloud storage

Interoperability with SQL Azure


Microsoft SQL Azure Data Sync provides symmetry between SQL Azure and SQL Server through
bidirectional data synchronization. This combination provides a bridge, allowing on-premises and
off-premises applications to work together.

Associated System Components


This section describes the additional dependencies and recommendations for SQL Server 2008 R2 and
highlights capabilities as enabled directly or when integrated with another system component.
For more information about the associated system components, see the Plan Development and
Deployment of the Solution section in Phase 1.

Interoperability with Office SharePoint Server 2007


SQL Server 2008 R2 is a relational database that stores all content, data, and configuration
information used by Office SharePoint Server 2007.

Interoperability with Core and Management Services


For more information about how SQL Server 2008 R2 integrates with Core and Management
Services, see the Plan Development and Deployment of the Solution section in Phase 1.
In Phase 2, SQL Server 2008 R2 uses the following technologies and services:

Windows Server 2008 R2


Active Directory Federation Services provides web single sign-on (SSO) technologies to
authenticate a user to multiple web applications over the life of a single online session.
Active Directory Federation Services accomplishes this by securely sharing digital identity
and entitlement across security and enterprise boundaries.

Active Directory Certificate Services provides customizable services for creating and
managing public key certificates used in software security systems employing public key
technologies. AD CS can be used to enhance security by binding the identity of a person,
device, or service to a corresponding private key. AD CS enables organizations to manage
certificate enrollment and revocation in a variety of scalable environments.

System Center family


The ability to dynamically pool, allocate, and manage data center resources and enable
self-service provisioning of virtual machines.
Simplified configuration, deployment, and management of virtual machines and services
across private and public clouds.

Microsoft SQL Server 2012


For more information about general use, and Database Engine, see the Plan Development and
Deployment of the Solution section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of SQL Server 2012 with other
system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by SQL Server 2012
in integration with other system components.
Bidirectional data synchronization between on-premises and cloud storage

Interoperability with SQL Azure


Microsoft SQL Azure Data Sync provides symmetry between SQL Azure and SQL Server through
bidirectional data synchronization. Using SQL Azure Data Sync, organizations can use the power of
SQL Azure to build business data hubs in the cloud, allowing information to be easily shared with
business partners, remote offices, and enterprise data sources, while taking advantage of new
services in the cloud. This combination provides a bridge, enabling on-premises and off-premises
applications to work together.

Associated System Components


This section describes the additional dependencies and recommendations for SQL Server 2012 and
highlights capabilities as enabled directly or when integrated with another system component.
For more information about the associated system components, see the Plan Development and
Deployment of the Solution section in Phase 1.

Interoperability with SharePoint Server 2010


SQL Server 2012 is the relational database used to store all content, data, and configuration
information used by SharePoint 2010.

Interoperability with Core and Management Services


For more information about how SQL Server 2012 integrates with Core and Management Services,
see the Plan Development and Deployment of the Solution section in Phase 1.
In Phase 2, SQL Server 2012 uses the following technologies and services:

Windows Server 2012


Active Directory Federation Services provides web single sign-on (SSO) technologies to
authenticate a user to multiple web applications over the life of a single online session.
Active Directory Federation Services accomplishes this by securely sharing digital identity
and entitlement across security and enterprise boundaries.
Active Directory Certificate Services provides customizable services for creating and
managing public key certificates used in software security systems employing public key
technologies. AD CS can be used to enhance security by binding the identity of a person,
device, or service to a corresponding private key. AD CS enables organizations to
manage certificate enrollment and revocation in a variety of scalable environments.

System Center family


The ability to dynamically pool, allocate, and manage data center resources and enable
self-service provisioning of virtual machines.
Simplified configuration, deployment, and management of virtual machines and services
across private and public clouds.

Microsoft Server Security


For more information about general use, Internet Security and Acceleration Server 2006 (Firewall
Service), Forefront Threat Management Gateway 2010 (Firewall Protection), Microsoft Intelligent
Application Gateway 2007, and Microsoft Forefront Unified Access Gateway 2010, see the Plan
Development and Deployment of the Solution section in Phase 1.

Microsoft Forefront Security for SharePoint


Forefront Security for SharePoint helps organizations to protect Microsoft SharePoint collaboration
environments by eliminating documents that contain malicious code, confidential information, and
inappropriate content.
General
Forefront Security for SharePoint TechCenter

http://technet.microsoft.com/hi-in/forefront/serversecurity/bb734828(en-us).aspx

System Components Integration


This section describes the integration points of Microsoft Forefront Security for SharePoint with other
system components.

Associated System Components


This section describes the dependencies and recommendations for Microsoft Forefront Security for
SharePoint and highlights capabilities as enabled directly or when integrated with another system
component.

Interoperability with Office SharePoint Server 2007


Forefront Security for SharePoint can help protect Office SharePoint Server 2007 from malicious
software and inappropriate content.

Forefront Protection 2010 for SharePoint


Microsoft Forefront Protection 2010 for SharePoint helps prevent users from uploading or
downloading documents that contain malicious software, out-of-policy content, or sensitive
information to SharePoint libraries. By using multiple scanning engines from industry-leading security
partners, combined with file and keyword filtering, Forefront Protection 2010 for SharePoint provides
comprehensive protection against the latest threats. It integrates with SharePoint technologies to
provide high performance and easily customized protection that is optimized for SharePoint
collaboration environments.
General
Overview

http://technet.microsoft.com/hi-in/library/cc482990(en-us).aspx

Deployment

http://technet.microsoft.com/hi-in/library/cc482993(en-us).aspx

Operations

http://technet.microsoft.com/hi-in/library/cc483031(en-us).aspx

Technical Reference

http://technet.microsoft.com/hi-in/library/dd639432(en-us).aspx

System Components Integration


This section describes the integration points of Forefront Protection 2010 for SharePoint with other
system components.

Associated System Components


This section describes the dependencies and recommendations for Forefront Protection 2010 for
SharePoint and highlights capabilities as enabled directly or when integrated with another system
component.

Interoperability with SharePoint Server 2010


Forefront Protection 2010 for SharePoint is recommended to help protect SharePoint 2010 from
malware and inappropriate content.

Microsoft Forefront Identity Manager 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Forefront Identity Manager 2010 R2


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Server 2008 R2


For more information about general use, Active Directory Domain Services, Active Directory Lightweight
Directory Services, Network Policy and Access Services, Group Policy, Internet Information Services 7.0,
Hyper-V, Windows Deployment Services, and Windows Firewall with Advanced Security, see the Plan
Development and Deployment of the Solution section in Phase 1.

Active Directory Federation Services


Active Directory Federation Services enables two or more organizations to share in the management of
digital identities based on trusted business relationships. This is important for facilitating collaboration,
reducing cost, and improving security. With Active Directory Federation Services 2.0, IT can enable
users to collaborate across organizational boundaries and more easily access on-premises and hosted
applications while maintaining application security.
General
Home Page

http://technet.microsoft.com/library/cc772128(WS.10).aspx

Active Directory Federation Services in Windows Server 2008 R2 Step-By-Step Guide

http://technet.microsoft.com/en-us/library/dd378921(WS.10).aspx

Active Directory Federation Services 2.0 Design Guide

http://technet.microsoft.com/en-us/library/dd807036(WS.10).aspx

Active Directory Certificate Services


Active Directory Certificate Services provides customizable services for issuing and managing
certificates used in software security systems that employ public key technologies. Active Directory
Certificate Services enables organizations to deploy a digital certificate infrastructure to create a web of
authentication among devices, users, and applications.
General
Home Page

http://technet.microsoft.com/library/cc770357(WS.10).aspx

Migration Guide

http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx

Windows Server 2012


For more information about general use, Active Directory Domain Services, Active Directory Lightweight
Directory Services, Network Policy and Access Services, Group Policy, Internet Information Services 8,
Hyper-V, Windows Deployment Services, Windows Firewall with Advanced Security, and Storage Spaces,
see the Plan Development and Deployment of the Solution section in Phase 1.

Active Directory Federation Services


Organizations can use Active Directory Federation Services with the Windows Server 2012 operating
system to build a federated identity management solution that extends distributed identification,
authentication, and authorization services to web-based applications across organizational and
platform boundaries. By deploying Active Directory Federation Services, organizations can extend their
existing identity management capabilities to the Internet. With Active Directory Federation Services,
single sign-on (SSO) can be used to authenticate users to multiple, related web applications over the
life of a single online session. Active Directory Federation Services accomplishes this by securely
sharing digital identity and entitlement rights across security and enterprise boundaries.
General
Active Directory Federation Services

http://msdn.microsoft.com/en-us/library/bb897402.aspx

Active Directory Federation Services overview

http://technet.microsoft.com/en-us/library/hh831502.aspx

Active Directory Federation Services deployment guide

http://technet.microsoft.com/en-us/library/dd807092.aspx

Active Directory Federation Services Design Guide

http://technet.microsoft.com/en-us/library/dd807036.aspx

Active Directory Certificate Services


Active Directory Certificate Services provides customizable services for issuing and managing public
key infrastructure (PKI) certificates used in software security systems that employ public key
technologies. The digital certificates that Active Directory Certificate Services provides can be used to
encrypt and digitally sign electronic documents and messages. Further, these digital certificates can be
used for authentication of computer, user, or device accounts on a network.
General
Active Directory Certificate Services

http://technet.microsoft.com/en-us/windowsserver/dd448615.aspx

Active Directory Certificate Services overview

http://technet.microsoft.com/en-us/library/cc731564.aspx

Active Directory Certificate Services Step-By-Step Guide

http://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx

Active Directory Certificate Services Migration Guide

http://technet.microsoft.com/en-us/library/ee126170%28v=ws.10%29.aspx

Microsoft System Center


For more information about general use, System Center Operations Manager 2007 R2/ System Center
2012 Operations Manager, System Center Data Protection Manager 2010/ System Center 2012 Data
Protection Manager, System Center Configuration Manager 2007 R3/ System Center 2012
Configuration Manager, System Center Virtual Machine Manager 2008 R2/ System Center 2012 Virtual
Machine Manager, System Center Service Manager 2010/ System Center 2012 Service Manager, and
Opalis/ System Center 2012 Orchestrator, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Center Virtual Machine Manager Self-service Portal 2.0


Microsoft Virtual Machine Manager Self-service Portal 2.0 is a fully supported solution that is extensible
to partners. Organizations can use it to pool, allocate, and manage computing, network, and storage
resources to deliver the foundation for a private cloud platform in the data center.
General
Overview

http://technet.microsoft.com/en-us/library/gg588340.aspx

Supported Configurations

http://technet.microsoft.com/en-us/library/gg588343.aspx

What's New

http://technet.microsoft.com/en-us/library/gg588341.aspx

System Center 2012 App Controller


Microsoft System Center 2012 App Controller provides a single, unified console that helps an
organization to easily configure, deploy, and manage virtual machines and services across public and
private clouds. People can manage application components in the context of the service that they
represent to the business, so that IT is managing services rather than servers.
General
Overview

http://technet.microsoft.com/library/hh546834.aspx

Getting Started

http://technet.microsoft.com/en-US/library/gg696035.aspx

Capability Walkthrough

http://technet.microsoft.com/en-us/video/system-center-appcontroller-2012-capability-walkthrough.aspx

Windows Storage Server 2008


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Storage Server 2008 R2


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Server AppFabric


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Hyper-V Server 2008


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Hyper-V Server 2008 R2


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft BizTalk Server 2009


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of BizTalk Server 2009 with other
system components.

Associated System Components


This section describes the additional dependencies and recommendations for BizTalk Server 2009 and
highlights capabilities as enabled directly or when integrated with another system component.
For more information about the associated system components, see the Plan Development and
Deployment of the Solution section in Phase 1.

Interoperability with Office SharePoint Server 2007


BizTalk Server 2009 enables Business Activity Monitoring (BAM). The BAM Portal is a web
application that enables transactional data from within the business processes to be fully exposed
with the SharePoint Portal Server. BAM provides a web service interface to expose the query of
aggregate and instance data, creation of alerts, and retrieval of BAM configurations.

Interoperability with Core and Management Services


For more information about how BizTalk Server 2009 integrates with Core and Management
Services, see the Plan Development and Deployment of the Solution section in Phase 1.

In Phase 2, BizTalk Server 2009 uses the following technologies and services:

Windows Server 2008 R2


Active Directory Federation Services provides web single sign-on (SSO) technologies to
authenticate a user to multiple web applications over the life of a single online session.
Active Directory Federation Services accomplishes this by securely sharing digital identity
and entitlement across security and enterprise boundaries.
Active Directory Certificate Services provides customizable services for creating and
managing public key certificates used in software security systems employing public key
technologies. AD CS can be used to enhance security by binding the identity of a person,
device, or service to a corresponding private key. AD CS enables organizations to manage
certificate enrollment and revocation in a variety of scalable environments.

System Center family


The ability to dynamically pool, allocate, and manage data center resources and enable
self-service provisioning of virtual machines.
Simplified configuration, deployment, and management of virtual machines and services
across private and public clouds.

Microsoft BizTalk Server 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of BizTalk Server 2010 with other
system components.

Associated System Components


This section describes the additional dependencies and recommendations for BizTalk Server 2010 and
highlights capabilities as enabled directly or when integrated with another system component.
For more information about the associated system components, see the Plan Development and
Deployment of the Solution section in Phase 1.

Interoperability with SharePoint Server 2010


BizTalk Server 2010 enables Business Activity Monitoring (BAM). The BAM Portal is a web
application that enables transactional data from within the business processes to be fully exposed
with the SharePoint Portal Server. BAM provides a web service interface to expose the query of
aggregate and instance data, creation of alerts, and retrieval of BAM configurations.

Interoperability with Core and Management Services


For more information about how BizTalk Server 2010 integrates with Core and Management
Services, see the Plan Development and Deployment of the Solution section in Phase 1.
In Phase 2, BizTalk Server 2009 uses the following technologies and services:

Windows Server 2012


Active Directory Federation Services provides web single sign-on (SSO) technologies to
authenticate a user to multiple web applications over the life of a single online session.
Active Directory Federation Services accomplishes this by securely sharing digital identity
and entitlement across security and enterprise boundaries.
Active Directory Certificate Services provides customizable services for creating and
managing public key certificates used in software security systems employing public key
technologies. AD CS can be used to enhance security by binding the identity of a person,
device, or service to a corresponding private key. AD CS enables organizations to manage
certificate enrollment and revocation in a variety of scalable environments.

System Center family


The ability to dynamically pool, allocate, and manage data center resources and enable
self-service provisioning of virtual machines.
Simplified configuration, deployment, and management of virtual machines and services
across private and public clouds.

CLIENT TECHNOLOGIES
This section contains links to the client technologies that Table 2 references.

Microsoft Office 2007


For more information about general use, Microsoft Office Outlook 2007, Microsoft Office Word 2007,
Microsoft Office Excel 2007, and Microsoft Office PowerPoint 2007, see the Plan Development and
Deployment of the Solution section in Phase 1.

Microsoft Office 2010


For more information about general use, Microsoft Outlook 2010, Microsoft Word 2010, Microsoft
Excel 2010, and Microsoft PowerPoint 2010, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Office Visio 2007


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Visio 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Office Project 2007


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Project 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Forefront Endpoint Protection 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Center 2012 Endpoint Protection


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows 7
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows 8
For more information about general use, and offline files, see the Plan Development and Deployment
of the Solution section in Phase 1.

CLOUD TECHNOLOGIES
This section contains links to the cloud technologies that Table 2 references.

Business Productivity Online Standard (BPOS) Suite


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Office 365
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft SharePoint Online


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Azure Platform


For more information about general use and Active Directory Access Control, see the Plan Development
and Deployment of the Solution section in Phase 1.

Microsoft SQL Azure


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of Microsoft SQL Azure with
other system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by Microsoft SQL
Azure in integration with other system components.
Bidirectional data synchronization between on-premises and cloud storage

Interoperability with SQL Server 2008 R2


Microsoft SQL Azure Data Sync provides symmetry between SQL Azure and SQL Server through
bidirectional data synchronization. This combination provides a bridge, allowing on-premises and
off-premises applications to work together.

Interoperability with SQL Server 2012


Microsoft SQL Azure Data Sync provides symmetry between SQL Azure and SQL Server through
bidirectional data synchronization. Using SQL Azure Data Sync, organizations can use the power of
SQL Azure to build business data hubs in the cloud, allowing information to be easily shared with
business partners, remote offices, and enterprise data sources, while taking advantage of new
services in the cloud. This combination provides a bridge, allowing on-premises and off-premises
applications to work together.

Windows Azure
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.
On-demand compute and storage on the Internet
Windows Azure provides on-demand compute and storage capabilities to host, scale, and manage
web applications and services on the Internet hosted in Microsoft data centers. Windows Azure
provides features that consumers of cloud services require. For example, physical hardware resources
are abstracted away and exposed as compute resources ready to be used by cloud applications.
Physical storage is abstracted with storage resources and exposed through well-defined storage
interfaces. A common Windows fabric abstracts the physical hardware and software platform and
exposes virtualized compute and storage resources. In addition, each instance of the application is
monitored for availability and scalability and automatically managed.
For example, if an application in an instance goes down, the fabric controller will be notified and
another instance in another virtual machine (VM) will be instantiated with limited impact to end users.
Because of the amount of virtualization, when writing code, developers should avoid any assumptions
about the state of the machines hosting their applications. In Windows Azure, services can easily be
moved to a new virtual machine. Windows Azure follows a model-driven service management design
in which Azure Fabric Controller is responsible for mapping declarative service specifications to
available resources and managing the life cycle of the services.
Cloud-based development, service hosting, and service management environment
Windows Azure is the operating system that serves as the development, run-time, and control
environment for the Windows Azure Platform. Windows Azure handles load balancing and resource
management and automatically manages the life cycle of a service based on requirements established
by the owner of the service.

Unified provisioning and billing framework


Microsoft Codename "Dallas" is a new service that helps developers and information workers easily
discover, purchase, and manage premium data subscriptions in the Windows Azure platform. Dallas is
an information marketplace that brings data, imagery, and real-time web services from leading
commercial data providers and authoritative public data sources together into a single location, under
a unified provisioning and billing framework. Additionally, Dallas APIs allow developers and
information workers to consume this premium content with virtually any platform, application, or
business workflow.

AppFabric
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.
Bidirectional communication in an interoperable manner through composite applications, custom web
applications, and packaged line-of-business
AppFabric Service Bus gives developers the flexibility to connect applications and to choose how they
communicate. This helps to build distributed and composite applications while also helping address
the challenges presented by firewalls, NATs, dynamic IP, and disparate domains and identity systems.
AppFabric Service Bus supports bidirectional communication via full-duplex, connection-oriented
sessions between sender and listener. It also supports unicast and multicast datagram distribution via
one-way messaging.
Ability to publish and subscribe for multicasting
AppFabric Service Bus helps users expose application or service functionality across a variety of
network-related constraints and establishes connectivity and flexible communication among
applications. After AppFabric Service Bus has established connectivity among applications, it provides
flexibility for how applications can communicate with each other. It helps developers build solutions
with different communication patterns, including relayed, buffered, bidirectional, publish-subscribe,
multicast, streaming, and direct-connect. AppFabric Service Bus provides each service a stable Internet-accessible Uniform Resource Identifier (URI) that any authorized client application can access.

Microsoft Online Backup Service


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the integration points of Microsoft Online Backup Service with other system
components.

Usage Scenarios
This section describes the usage scenarios supported by Microsoft Online Backup Service.
On-demand compute and storage on the Internet
For more information about how the Microsoft Online Backup Service supports this scenario, see the
Plan Development and Deployment of the Solution section in Phase 1.


DEVELOPMENT TOOLS
This section contains links to the development tools that Table 2 references.

Microsoft .NET Framework 4.0


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Visual Studio Team Foundation Server 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the integration points of Visual Studio Team Foundation Server 2010 with other
system components.

Usage Scenarios
This section describes the usage scenarios as supported by Visual Studio Team Foundation Server 2010
in integration with other system components.
Creation, prototyping, and deployment of applications that integrate data across the organization
For more information about how the Visual Studio Team Foundation Server 2010 supports this
scenario, see the Plan Development and Deployment of the Solution section in Phase 1.

Visual Studio 11 Team Foundation Server


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the integration points of Visual Studio 11 Team Foundation Server with other
system components.

Usage Scenarios
This section describes the usage scenarios as supported by Visual Studio 11 Team Foundation Server in
integration with other system components.
Creation, prototyping, and deployment of applications that integrate data across the organization
Team Foundation Server (TFS) is intended for collaborative software development projects. Users can
run, monitor, and manage builds using Team Foundation Build to compile code and run tests. Users
can also quickly prototype a new or modified interface.

Microsoft Visual Studio Team System 2008


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.


System Components Integration


This section describes the additional and enhanced integration points of Visual Studio Team System
2008 with other system components.

Associated System Components


This section describes the additional dependencies and recommendations for Visual Studio Team
System 2008 and highlights capabilities as enabled directly or when integrated with another system
component.

Interoperability with Office SharePoint Server 2007


Developers can use Visual Studio Team System 2008 to create document-handling processes, help
users collaborate through portals and workspaces, and connect users to information in enterprise
business systems.

Microsoft Visual Studio Team System 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of Visual Studio Team System
2010 with other system components.

Associated System Components


This section describes the additional dependencies and recommendations for Visual Studio Team
System 2010 and highlights capabilities as enabled directly or when integrated with another system
component.

Interoperability with SharePoint 2010


Developers can use Visual Studio Team System 2010 to create document-handling processes, help
users collaborate through portals and workspaces, and connect users to information in enterprise
business systems.

Visual Studio 11
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of Visual Studio 11 with other
system components.

Associated System Components


This section describes the additional dependencies and recommendations for Visual Studio 11 and
highlights capabilities as enabled directly or when integrated with another system component.


Interoperability with SharePoint 2010


Developers can use Visual Studio 11 to create document-handling processes, help users
collaborate through portals and workspaces, and connect users to information in enterprise
business systems.

Windows Communications Foundation (WCF) Services


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

TOOLS
This section contains links to the tools that Table 2 references.

Microsoft Assessment and Planning Toolkit 6.0/6.5


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Security Assessment Tool


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Software Inventory Analyzer 5.0/5.1


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Deployment Toolkit 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Deployment Toolkit 2012


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Automated Installation Kit


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Security Compliance Management Toolkit


For more information about general use, and Microsoft Security Compliance Manager, see the Plan
Development and Deployment of the Solution section in Phase 1.

Compliance Management Libraries/2.0


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.


Windows SDK
Windows Software Development Kit contains tools and APIs that can be used to create applications for
the Windows operating system. Developers can use the Windows SDK, along with their chosen
development environment, to write native or managed Windows Store apps, desktop applications that
use the native (Win32/COM) programming model, or desktop applications that use the managed (.NET
Framework) programming model. Windows SDK supports Windows Vista, Windows 7, Windows 8,
Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 operating systems.
General
Overview

http://msdn.microsoft.com/en-us/library/ms717422.aspx

Development Resources in the Windows SDK

http://msdn.microsoft.com/en-us/library/ff660763.aspx

What's New in the Windows SDK

http://msdn.microsoft.com/en-us/library/ms717428.aspx

Data Classification Toolkit


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

IT Governance, Risk, and Compliance Process Management pack/2.0


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

BizTalk ESB Toolkit


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.


Phase 3
This section provides the definition, Optimization mapping, technology mapping, logical architecture,
illustrative physical architecture, system components, and references to plan, develop, and deploy
Phase 3.

Envision the Solution


This section provides the definition of Phase 3 and other useful information, such as starting points, to
help you envision your solution's definition, Optimization mapping, and technology mapping.

Definition
Phase 3 is a robust, enterprise-class deployment that addresses the following goals:

Refines, integrates, and streamlines to maximize value contribution.

Helps your customers realize the fully-achieved solution vision.

The conceptual architecture diagram in Figure 13 represents the collective set of business capabilities that
Phase 3 includes.
Figure 13 Conceptual architecture diagram for Phase 3


This section describes the integrated capabilities of the Phase 3 solution. Organizations can use this
section to better understand which integrated capabilities they need to customize for the solution to
meet specific business needs.
Organizations that require a Phase 3 solution for Azure need to provide a simple, reliable, flexible, and
secure solution that is deployed from the cloud and integrates with on-premises assets. They need a
solution that gives supervision and control of distributed data assets along with a consistent
development and management experience across the on-premises environment and the cloud.
Organizations need to extend the availability of on-premises data to allow information to be easily
shared with remote offices, mobile workers, and business partners through the cloud from multiple
locations. They need to provide business data hubs in the cloud. They also need to provide a reliable
and secure platform to scale services and accommodate customer demands and business needs via
rules-based authorization and a flexible, standards-based service that supports multiple credentials
and parties.

Optimization Mapping
Figure 14 shows the Optimization mapping for Phase 3.
Figure 14 Optimization mapping for Phase 3


Technology Mapping
Phase 3 requires the following Microsoft technologies:

Client Technologies
Office 2007 / 2010

Office Outlook 2007 / Outlook 2010, Office Word 2007 / Word 2010, Office Excel 2007 / Excel
2010, Office PowerPoint 2007 / PowerPoint 2010

Office Visio 2007 / Visio 2010

Office Project 2007 / Project 2010

Forefront Endpoint Protection 2010 / System Center 2012 Endpoint Protection

Windows 7 / 8

Server Technologies
Office SharePoint Server 2007 / SharePoint Server 2010

SQL Server 2008 R2 / 2012

Microsoft Server Security

Forefront Security for SharePoint / Forefront Protection 2010 for SharePoint

Internet Security and Acceleration Server 2006 / Forefront Threat Management Gateway 2010

Intelligent Application Gateway 2007 / Forefront Unified Access Gateway 2010

Forefront Identity Manager 2010 / 2010 R2

Windows Server 2008 R2 / 2012

Microsoft System Center

System Center Operations Manager 2007 R2 / System Center 2012 Operations Manager

System Center Data Protection Manager 2010 / System Center 2012 Data Protection Manager

System Center Configuration Manager 2007 R3 / System Center 2012 Configuration Manager

System Center Virtual Machine Manager 2008 R2 / System Center 2012 Virtual Machine
Manager

System Center Virtual Machine Manager Self Service Portal 2.0

System Center Service Manager 2010 / System Center 2012 Service Manager

Opalis / System Center 2012 Orchestrator

System Center 2012 App Controller

Windows Storage Server 2008 / 2008 R2

Windows Server AppFabric

Hyper-V Server 2008 / 2008 R2

BizTalk Server 2009 / 2010


Cloud Technologies
Business Productivity Online Services / Office 365

SharePoint Online

Windows Azure platform

Windows Azure

Windows Azure AppFabric

SQL Azure

Online Backup Service

Development Tools
.NET Framework

Visual Studio 2010 Team Foundation Server / Visual Studio 11 Team Foundation Server

Visual Studio Team System 2008 / 2010 / 11

Windows Communications Foundation (WCF) Services

Tools
Assessment and Planning Toolkit 6.0 / 6.5

Security Assessment Tool

Software Inventory Analyzer 5.0 / 5.1

Deployment Toolkit 2010 / 2012

Windows Automated Installation Kit

Security Compliance Management Toolkit

Compliance Management Libraries 2.0

Windows SDK

Data Classification Toolkit

IT Governance, Risk and Compliance Process Management Pack 2.0

BizTalk ESB Toolkit


Architect the Solution


This section provides the logical architecture, illustrative physical architecture, and list of required
system components for Phase 3, which are useful starting points to help you design your solution.

Logical Architecture
Figure 15 is the logical architecture diagram that shows the infrastructure of Phase 3 and its
functionalities. This diagram provides a high-level overview of the requirements to implement Phase 3.
This diagram is a starting point; you should customize it to meet the specific needs of your
organization.
Figure 15 Logical architecture diagram of Phase 3

Illustrative Physical Architecture


Figure 16 is an illustrative physical architecture diagram for Phase 3. A physical architecture diagram
shifts from describing technologies as capabilities and roles to describing physical systems. As with all
sample diagrams, you should customize this diagram to meet the specific needs of your organization.
For more information about customizing this diagram (including the required software product
editions), see Plan Development and Deployment of the Solution in Phase 3.


Figure 16 Physical architecture for Phase 3

System Components
This section lists the system components that Phase 3 requires. The system components consist of
product components that are grouped by product families. Table 3 lists the product components that
each solution capability in Phase 3 needs. You can use this table to better understand which product
components you need to meet the specific solution capability requirements for your customized
solution.
The legend for the table is as follows:
X: Product must be included to enable the solution capability.

Product is recommended to better enable the solution capability.


Table 3 System components for Phase 3

Solution capabilities (table columns):

Simple, reliable, flexible, and powerful cloud platform
Web applications and services that supports multiple languages and standards
Business data hubs in the cloud
Applications that integrate with existing on-premises environments
Federated identity and access control to secure applications
Rule-based authorization for services and applications
Flexible, standards-based service to support multiple credentials and relying parties
Cloud-based development, service hosting, and service management environment
Interoperable bidirectional communication through composite applications, custom web applications, and packaged LOB applications

Product families and product components (table rows):

CLIENT TECHNOLOGIES
Office 2007 / 2010
Office Outlook 2007 / Outlook 2010, Office Word 2007 / Word 2010, Office Excel 2007 / Excel 2010, Office PowerPoint 2007 / PowerPoint 2010
Office Visio 2007 / Visio 2010
Office Project 2007 / Project 2010
Forefront Endpoint Protection 2010 / System Center 2012 Endpoint Protection
Windows 7
Windows 8
Offline Files
DirectAccess

SERVER TECHNOLOGIES
Office SharePoint Server 2007 / SharePoint Server 2010*
Sites and Portals
Single Sign-On Service / Secure Store Service*
SQL Server 2008 R2 / 2012
Database Engine
Server Security
Forefront Security for SharePoint / Forefront Protection 2010 for SharePoint
Internet Security and Acceleration Server 2006 / Forefront Threat Management Gateway 2010
Firewall
Intelligent Application Gateway 2007 / Forefront Unified Access Gateway 2010
Forefront Identity Manager 2010 / 2010 R2
Windows Server 2008 R2 / 2012*
Active Directory Domain Services
Active Directory Lightweight Directory Services
Active Directory Federation Services
Active Directory Certificate Services
Network Policy and Access Services
Group Policy
Internet Information Services (IIS) 7/8
Hyper-V
Windows Deployment Services
Windows Firewall with Advanced Security
DirectAccess
Storage Spaces*
System Center
System Center Operations Manager 2007 R2 / System Center 2012 Operations Manager
System Center Data Protection Manager 2010 / System Center 2012 Data Protection Manager
System Center Configuration Manager 2007 R3 / System Center 2012 Configuration Manager
System Center Virtual Machine Manager 2008 R2 / System Center 2012 Virtual Machine Manager
System Center Virtual Machine Manager Self Service Portal 2.0
System Center Service Manager 2010 / System Center 2012 Service Manager
Opalis / System Center 2012 Orchestrator
System Center 2012 App Controller
Windows Storage Server 2008 / 2008 R2
Windows Server AppFabric
Hyper-V Server 2008 / 2008 R2
BizTalk Server 2009 / 2010

CLOUD TECHNOLOGIES
BPOS / Office 365*
SharePoint Online
Windows Azure platform
Windows Azure
Windows Azure AppFabric
Active Directory Access Control
SQL Azure
Online Backup Service

DEVELOPMENT TOOLS
.NET Framework
Visual Studio 2010 Team Foundation Server / Visual Studio 11 Team Foundation Server
Visual Studio Team System 2008 / 2010 / 11
Windows Communications Foundation (WCF) Services

TOOLS, ADD-INS, LIBRARIES, AND FRAMEWORKS
Assessment and Planning Toolkit 6.0 / 6.5
Security Assessment Tool
Software Inventory Analyzer 5.0 / 5.1
Deployment Toolkit 2010 / 2012
Windows Automated Installation Kit
Security Compliance Management Toolkit
Security Compliance Manager 2.x
Compliance Management Libraries 2.0
Windows SDK
Data Classification Toolkit
IT Governance, Risk and Compliance Process Management Pack 2.0
BizTalk ESB Toolkit

Plan Development and Deployment of the Solution


This section provides references to help you plan to develop and deploy the server product
components that are relevant to Phase 3.

SERVER TECHNOLOGIES
This section contains links to the server technologies that Table 3 references.

Microsoft Office SharePoint Server 2007


For more information about general use, and Portals, see the Plan Development and Deployment of
the Solution section in Phase 2.

Single Sign-on Services


Microsoft Office SharePoint Server 2007 features Single Sign-on (SSO) Services, which provides storage
and mapping of credentials such as account names and passwords. Using SSO, portal site-based
applications can retrieve information from third-party applications and back-end systems such as
Enterprise Resource Planning (ERP) and Customer Relations Management (CRM) systems. With single
sign-on functionality, people need to authenticate only once when accessing portal site-based
applications that need to obtain information from other business applications and systems.
General
Overview

http://msdn.microsoft.com/en-us/library/ms580316.aspx

Configure Single Sign-on Services

http://technet.microsoft.com/en-us/library/cc262932.aspx

Start Single Sign-on Services

http://technet.microsoft.com/en-us/library/cc262235.aspx


System Components Integration


This section describes the additional and enhanced integration points of Office SharePoint Server 2007
with other system components.

Associated System Components


This section describes the additional dependencies and recommendations for Office SharePoint Server
2007 and highlights the capabilities as enabled directly or when integrated with other system
components.
For more information about the associated system components, see the Plan Development and
Deployment of the Solution section in Phase 2.

Interoperability with Core and Management Services


For more information about how Office SharePoint Server 2007 integrates with Core and
Management Services, see the Plan Development and Deployment of the Solution section in Phase
2.
In Phase 3, Office SharePoint Server 2007 uses the following technologies and services:

Windows Server 2008 R2


DirectAccess enables remote users to more securely access enterprise shares, websites,
and applications without connecting to a virtual private network (VPN).

Microsoft SharePoint 2010


For more information about general use, and SharePoint Sites, see the Plan Development and
Deployment of the Solution section in Phase 2.

Secure Store Service


In Microsoft SharePoint 2010, the Secure Store Service replaces the single sign-on (SSO) feature. The
Secure Store Service is a claims-aware authorization service that includes a secure database for storing
credentials that are associated with application IDs. People can use these application IDs to authorize
access to external data sources.
General
Plan the Secure Store Service

http://technet.microsoft.com/en-us/library/ee806889(office.14).aspx

Configure the Secure Store Service

http://technet.microsoft.com/en-us/library/ee806866(office.14).aspx

System Components Integration


This section describes the additional and enhanced integration points of SharePoint 2010 with other
system components.

Associated System Components


This section describes the additional dependencies and recommendations for SharePoint 2010 and
highlights the capabilities as enabled directly or when integrated with other system components.


For more information about the associated system components, see the Plan Development and
Deployment of the Solution section in Phase 2.

Interoperability with Core and Management Services


For more information about how SharePoint 2010 integrates with Core and Management Services,
see the Plan Development and Deployment of the Solution section in Phase 2.
In Phase 3, SharePoint 2010 uses the following technologies and services:

Windows Server 2012


DirectAccess enables remote users to more securely access enterprise shares, websites,
and applications without connecting to a virtual private network (VPN).

Microsoft SQL Server 2008 R2


For more information about general use, and Database Engine, see the Plan Development and
Deployment of the Solution section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of SQL Server 2008 R2 with other
system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by SQL Server 2008
R2 in integration with other system components.
Business data hubs in the cloud

Interoperability with SQL Azure


Using SQL Azure Data Sync, organizations can use the power of SQL Azure and Microsoft Sync
Framework to build business data hubs in the cloud to enable information to be easily shared with
mobile users, business partners, remote offices, and enterprise data sources, all while taking
advantage of new services in the cloud.

Associated System Components


This section describes the additional dependencies and recommendations for SQL Server 2008 R2 and
highlights capabilities as enabled directly or when integrated with another system component.
For more information about the associated system components, see the Plan Development and
Deployment of the Solution section in Phase 2.

Interoperability with Core and Management Services


For more information about how SQL Server 2008 integrates with Core and Management Services,
see the Plan Development and Deployment of the Solution section in Phase 2.
In Phase 3, SQL Server 2008 R2 uses the following technologies and services:

Windows Server 2008 R2


DirectAccess enables remote users to more securely access enterprise shares, websites,
and applications without connecting to a virtual private network (VPN).


Microsoft SQL Server 2012


For more information about general use, and Database Engine, see the Plan Development and
Deployment of the Solution section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of SQL Server 2012 with other
system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by SQL Server 2012
in integration with other system components.
Business data hubs in the cloud

Interoperability with SQL Azure


Using SQL Azure Data Sync, organizations can use the power of SQL Azure and Microsoft Sync
Framework to build business data hubs in the cloud allowing information to be easily shared with
mobile users, business partners, remote offices, and enterprise data sources, all while taking
advantage of new services in the cloud.

Associated System Components


This section describes the additional dependencies and recommendations for SQL Server 2012 and
highlights capabilities as enabled directly or when integrated with another system component.
For more information about the associated system components, see the Plan Development and
Deployment of the Solution section in Phase 2.

Interoperability with Core and Management Services


For more information about how SQL Server 2012 integrates with Core and Management Services,
see the Plan Development and Deployment of the Solution section in Phase 2.
In Phase 3, SQL Server 2012 uses the following technologies and services:

Windows Server 2012


DirectAccess enables remote users to more securely access enterprise shares, websites,
and applications without connecting to a virtual private network (VPN).

Microsoft Server Security


For more information about general use, Internet Security and Acceleration Server 2006 (Firewall
Service), Forefront Threat Management Gateway 2010 (Firewall Protection), Microsoft Intelligent
Application Gateway 2007, and Microsoft Forefront Unified Access Gateway 2010, see the Plan
Development and Deployment of the Solution section in Phase 1.
For more information about Microsoft Forefront Security for SharePoint, and Forefront Protection 2010
for SharePoint, see the Plan Development and Deployment of the Solution section in Phase 2.

Microsoft Forefront Identity Manager 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.


Microsoft Forefront Identity Manager 2010 R2


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Server 2008 R2


For more information about general use, Active Directory Domain Services, Active Directory Lightweight
Directory Services, Network Policy and Access Services, Group Policy, Internet Information Services 7.0,
Hyper-V, Windows Deployment Services, and Windows Firewall with Advanced Security, see the Plan
Development and Deployment of the Solution section in Phase 1.
For more information about Active Directory Federation Services and Active Directory Certificate
Services, see the Plan Development and Deployment of the Solution section in Phase 2.

DirectAccess
DirectAccess is a feature in the Windows 7 and Windows Server 2008 R2 operating systems that gives
users the experience of being seamlessly connected to the corporate network any time they have
Internet access. With DirectAccess, organizations can manage mobile computers any time the
computers have Internet connectivity, which helps to ensure that mobile users stay up-to-date with
security and system health policies.
General
Overview

http://technet.microsoft.com/en-us/library/dd758757(v=ws.10).aspx

DirectAccess Design Guide

http://technet.microsoft.com/en-us/library/ee382297(WS.10).aspx

DirectAccess Deployment Guide

http://technet.microsoft.com/en-us/library/ee649163(WS.10).aspx

DirectAccess Troubleshooting Guide

http://technet.microsoft.com/en-us/library/ee624056(WS.10).aspx

System Components Integration


This section describes the integration points of Windows Server 2008 R2 with other system
components.

Usage Scenarios
This section describes the usage scenarios as supported by Windows Server 2008 R2 in integration with
other system components.
Federated identity and access control to secure applications

Interoperability with Windows Azure Platform


Active Directory Access Control of Windows Azure Platform helps to build federated authorization
into applications and services, without the complicated programming that is normally required to
secure applications that extend beyond organizational boundaries. It provides claims-based access
control in the cloud and includes a claims transformation engine that federates with identity
providers like Active Directory Federation Services 2.0.


Rule-based authorization for services and applications

Interoperability with Windows Azure AppFabric


Windows Azure Platform AppFabric provides federated identity and access control through rule-based
authorization and enables applications to respond as if the user accounts were managed
locally. Administrators can create user accounts that federate a customer's existing identity
management system that uses the Active Directory service, other directory systems, or any
standards-based infrastructure.

Windows Server 2012


For more information about general use, Active Directory Domain Services, Active Directory Lightweight
Directory Services, Network Policy and Access Services, Group Policy, Internet Information Services 8,
Hyper-V, Windows Deployment Services, Windows Firewall with Advanced Security, and Storage Spaces,
see the Plan Development and Deployment of the Solution section in Phase 1.
For more information about Active Directory Federation Services and Active Directory Certificate
Services, see the Plan Development and Deployment of the Solution section in Phase 2.

DirectAccess
Windows Server 2012 offers DirectAccess, an enhanced remote access feature that allows connectivity
to corporate network resources without the need for traditional virtual private network (VPN)
connections. DirectAccess provides support only for domain-joined Windows 8 and Windows 7 clients.
Windows Server 2012 DirectAccess provides multiple updates and improvements to address
deployment blockers and provide simplified management.
General
Overview: http://technet.microsoft.com/en-us/library/hh831416
DirectAccess Offline Domain Join: http://technet.microsoft.com/en-us/library/jj574150.aspx

System Components Integration


This section describes the integration points of Windows Server 2012 with other system components.

Usage Scenarios
This section describes the usage scenarios as supported by Windows Server 2012 in integration with
other system components.
Federated identity and access control to secure applications

Interoperability with Windows Azure Platform


Active Directory Access Control of Windows Azure Platform helps to build federated authorization
into applications and services, without the complicated programming that is normally required to
secure applications that extend beyond organizational boundaries. It provides claims-based access
control in the cloud and includes a claims transformation engine that federates with identity
providers like Active Directory Federation Services 2.0.


Rule-based authorization for services and applications

Interoperability with Windows Azure AppFabric


Windows Azure Platform AppFabric provides federated identity and access control through rule-based
authorization and enables applications to respond as if the user accounts were managed
locally. Administrators can create user accounts that federate a customer's existing identity
management system that uses the Active Directory service, other directory systems, or any
standards-based infrastructure.

Microsoft System Center


For more information about general use, System Center Operations Manager 2007 R2 / System Center
2012 Operations Manager, System Center Data Protection Manager 2010 / System Center 2012 Data
Protection Manager, System Center Configuration Manager 2007 R3 / System Center 2012
Configuration Manager, System Center Virtual Machine Manager 2008 R2 / System Center 2012 Virtual
Machine Manager, System Center Service Manager 2010 / System Center 2012 Service Manager, and
Opalis / System Center 2012 Orchestrator, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Center 2012 Virtual Machine Manager


Windows Storage Server 2008
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Storage Server 2008 R2


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Server AppFabric


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Hyper-V Server 2008


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Hyper-V Server 2008 R2


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft BizTalk Server 2009


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of BizTalk Server 2009 with other
system components.


Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by BizTalk Server
2009 in integration with other system components.
Applications that integrate with existing on-premises environments

Interoperability with Azure AppFabric


Microsoft BizTalk Server enables organizations to connect and extend heterogeneous systems
across the enterprise and with trading partners. The Service Bus is part of Windows Azure
AppFabric that provides connectivity, queuing, and routing capabilities not only for cloud
applications but also for on-premises applications. Using both together enables organizations to
build secure, reliable, and scalable hybrid solutions that span cloud and on-premises
environments:

Exchange electronic documents with trading partners.

Expose services running on-premises behind firewalls to third parties.

Enable communication between spoke branches and a hub back-office system.

Microsoft BizTalk Server 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of BizTalk Server 2010 with other
system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by BizTalk Server
2010 in integration with other system components.
Applications that integrate with existing on-premises environments

Interoperability with Azure AppFabric


Microsoft BizTalk Server enables organizations to connect and extend heterogeneous systems
across the enterprise and with trading partners. The Service Bus is part of Windows Azure
AppFabric that provides connectivity, queuing, and routing capabilities not only for cloud
applications but also for on-premises applications. Using both together enables organizations to
build secure, reliable, and scalable hybrid solutions that span cloud and on-premises
environments:

Exchange electronic documents with trading partners.

Expose services running on-premises behind firewalls to third parties.

Enable communication between spoke branches and a hub back-office system.


CLIENT TECHNOLOGIES
This section contains links to the client technologies that Table 3 references.

Microsoft Office 2007


For more information about general use, Microsoft Office Outlook 2007, Microsoft Office Word 2007,
Microsoft Office Excel 2007, and Microsoft Office PowerPoint 2007, see the Plan Development and
Deployment of the Solution section in Phase 1.

Microsoft Office 2010


For more information about general use, Microsoft Outlook 2010, Microsoft Word 2010, Microsoft
Excel 2010, and Microsoft PowerPoint 2010, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Office Visio 2007


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Visio 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Office Project 2007


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Project 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Forefront Endpoint Protection 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Center 2012 Endpoint Protection


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows 7
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows 8
For more information about general use, and offline files, see the Plan Development and Deployment
of the Solution section in Phase 1.


DirectAccess
DirectAccess allows connectivity to corporate network resources without the need for traditional Virtual
Private Network (VPN) connections. Windows Routing and Remote Access Server (RRAS) provides
traditional VPN connectivity for legacy clients, non-domain joined clients, and third-party VPN clients.
RRAS also provides site-to-site connections between servers.
General
Overview: http://technet.microsoft.com/en-us/library/hh831416.aspx
Install and Configure Basic Remote Access: http://technet.microsoft.com/en-us/library/jj574162.aspx
Work Smart: Connecting Remotely Using Windows 8 DirectAccess: http://www.microsoft.com/en-us/download/details.aspx?id=34764
Deploy Remote Access in an Enterprise: http://technet.microsoft.com/en-us/library/jj134200.aspx

CLOUD TECHNOLOGIES
This section contains links to the cloud technologies that Table 3 references.

Business Productivity Online Standard (BPOS) Suite


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Office 365
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft SharePoint Online


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Azure Platform


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft SQL Azure


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of Microsoft SQL Azure with
other system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by Microsoft SQL
Azure in integration with other system components.


Business data hubs in the cloud

Interoperability with SQL Server 2008 R2 / 2012


Using SQL Azure Data Sync, organizations can use the power of SQL Azure and Microsoft Sync
Framework to build business data hubs in the cloud to enable information to be easily shared with
mobile users, business partners, remote offices, and enterprise data sources, all while taking
advantage of new services in the cloud.

Windows Azure
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of Windows Azure with other
system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by Windows Azure in
integration with other system components.
Simple, reliable, flexible, and powerful cloud platform
Windows Azure is a flexible platform that supports multiple languages and integrates with existing
on-premises environments. It provides on-demand computing capacity for its analytics applications and
complements on-premises capabilities with a flexible, reliable solution that can support bursts in
computing activity over short periods of time, deliver enhanced services for more customers, empower
innovation, and provide organizations with increased business agility.
Web applications and services that support multiple languages and standards
Windows Azure platform has been built to be interoperable. As an open platform, Windows Azure
offers choices to developers. It enables them to use multiple languages (.NET, PHP, Ruby, Python, and
Java) and development tools (Visual Studio, Eclipse) to build applications that run on Windows Azure
and/or use any of the Windows Azure platform offerings from any other cloud or on-premises
platform. With its standards-based and interoperable approach, the Windows Azure platform supports
multiple Internet protocols, including HTTP, XML, SOAP and REST, key pillars of data portability.
Applications that integrate with existing on-premises environments

Interoperability with BizTalk Server


Microsoft BizTalk Server enables organizations to connect and extend heterogeneous systems
across the enterprise and with trading partners. The Service Bus is part of Windows Azure
AppFabric that provides connectivity, queuing, and routing capabilities not only for cloud
applications but also for on-premises applications. Using both together enables organizations to
build secure, reliable, and scalable hybrid solutions that span cloud and on-premises
environments:

Exchange electronic documents with trading partners.

Expose services running on-premises behind firewalls to third parties.


Enable communication between spoke branches and a hub back-office system.

Active Directory Access Control


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

System Components Integration


This section describes the additional and enhanced integration points of Active Directory Access
Control with other system components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by Active Directory
Access Control in integration with other system components.
Federated identity and access control to secure applications

Interoperability with Windows Server 2008 R2 / 2012


Access Control helps to build federated authorization into applications and services, without the
complicated programming that is normally required to secure applications that extend beyond
organizational boundaries. It provides claims-based access control in the cloud and includes a
claims transformation engine that federates with identity providers like Active Directory Federation
Services 2.0.

Flexible standards-based service to support multiple credentials and relay parties


With its support for a simple declarative model of rules and claims, Access Control rules can easily and
flexibly be configured to cover a variety of security needs and different identity-management
infrastructures.
The Service Bus relies on Access Control for securing access to the relay. Access Control makes it
possible to use a modern, claims-based authentication and authorization model without requiring
organizations to build this complex infrastructure. The Service Bus trusts the claims produced by
Access Control, which it can then process to determine if clients and services should be allowed to
send to or listen on a particular Service Bus address. Clients and services must present credentials
to Access Control to acquire a security token for the Service Bus. They can provide a variety of different
credentials. Once authenticated, Access Control will issue the authorization token for the Service Bus
relay.

AppFabric
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.


System Components Integration


This section describes the additional and enhanced integration points of AppFabric with other system
components.

Usage Scenarios
This section describes the additional and enhanced usage scenarios as supported by AppFabric in
integration with other system components.
Rule-based authorization for services and applications

Interoperability with Windows Server 2008 R2 / 2012


Windows Azure Platform AppFabric provides federated identity and access control through rule-based
authorization and enables applications to respond as if the user accounts were managed
locally. Administrators can create user accounts that federate a customer's existing identity
management system that uses the Active Directory service, other directory systems, or any
standards-based infrastructure.

Microsoft Online Backup Service


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

DEVELOPMENT TOOLS
This section contains links to the development tools that Table 3 references.

Microsoft .NET Framework 4.0


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Visual Studio Team Foundation Server 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Visual Studio 11 Team Foundation Server


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Visual Studio Team System 2008


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Visual Studio Team System 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Visual Studio 11
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.


Windows Communications Foundation (WCF) Services


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

TOOLS
This section contains links to the tools that Table 3 references.

Microsoft Assessment and Planning Toolkit 6.0/6.5


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Security Assessment Tool


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Software Inventory Analyzer 5.0/5.1


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Deployment Toolkit 2010


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Microsoft Deployment Toolkit 2012


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows Automated Installation Kit


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Security Compliance Management Toolkit


For more information about general use, and Microsoft Security Compliance Manager, see the Plan
Development and Deployment of the Solution section in Phase 1.

Compliance Management Libraries/2.0


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

Windows SDK
For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 2.

Data Classification Toolkit


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.


IT Governance, Risk, and Compliance Process Management Pack/2.0


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.

BizTalk ESB Toolkit


For more information about general use, see the Plan Development and Deployment of the Solution
section in Phase 1.
