You are on page 1of 14

Planning for Security in

Microsoft Business Solutions–Solomon


Business Portal

Published: March 2005


Table of Contents
Introduction....................................................................................................................................... 3
Portal architecture ............................................................................................................................ 3
Microsoft .NET............................................................................................................................. 3
Microsoft Business Framework .................................................................................................. 3
Windows Server ™ 2003 and IIS................................................................................................... 3
Windows SharePoint ® Services .................................................................................................. 3
Securing the network ........................................................................................................................ 3
TCP/IP......................................................................................................................................... 4
Domains ...................................................................................................................................... 4
External connections to Business Portal ................................................................................... 4
Securing the Web server ................................................................................................................... 4
SQL authentication ..................................................................................................................... 4
Digest authentication ................................................................................................................. 4
Business Portal and Internet Information Services (IIS) ............................................................ 4
Business Portal and Windows SharePoint Services ................................................................... 5
Microsoft Internet Explorer ........................................................................................................ 5
Using Secure Sockets Layer (SSL) .............................................................................................. 6
Changing the port number .......................................................................................................... 6
Securing Business Portal .................................................................................................................. 6
Portal roles ................................................................................................................................. 6
Default portal roles and security permissions............................................................................ 7
Advanced portal roles ...............................................................................................................12
Default advanced roles and security permissions....................................................................12
Data permissions ......................................................................................................................13
Query Web Service ....................................................................................................................13
Report permissions ...................................................................................................................13
Terminal services ............................................................................................................................13

Page 2
Introduction
Business Portal extends Microsoft® Business Solutions–Solomon to the Web, providing a Web interface to
securely access back office data. This distributed computing model brings significant challenges. Among
these is security. Business Portal’s distributed model of computing – with levels of integration between
clients, servers, and services– demands that security be an integral part of every implementation.
Much of the information in this whitepaper is discussed in more detail in the Business Portal product
documentation, namely, the Business Portal Administrator’s Guide, the Business Portal Integration Guide,
and the Business Portal Installation Guide. These documents are supplied on the product CD.

Portal architecture
Microsoft .NET
Integrated security is a hallmark of Microsoft .NET. A general-purpose development platform, .NET is ideal for
creating Web-based applications because it contains the building blocks for creating security-enhanced, role-
based applications using a browser client, along with an existing back office solution.

Microsoft Business Framework


Microsoft Business Framework was built using the .NET platform. It provides many of the building blocks
used to create business applications. Business Portal uses the security features provided by the business
framework to help ensure that data remains secure.
Several features of the business framework make the task of securing a business application easier. In
Business Portal, these security features have been implemented in features such as role-based security and
Query Web Service. These feature implementations are described in depth later in this document.

Windows Server™ 2003 and IIS


In addition to Microsoft .NET and the Microsoft Business Framework, Solomon Business Portal builds on the
security features in its underlying components, namely, Windows Server 2003 and Internet Information
Server (IIS). Windows Server 2003 fully integrates the .NET Framework into the operating system and allows
developers and systems administrators to seamlessly use both Windows Server 2003 and .NET Framework
security features in their applications.
Use the security guidelines for Windows Server 2003 when setting up your portal environment. Carefully
follow the guidelines for IIS Servers in Chapter 8 of the security guide.
http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch00.mspx

Windows SharePoint® Services


Windows SharePoint Services (WSS) provides the tools used for sharing information in Business Portal. WSS
uses a security model based on site groups and rights. Site groups are groups of users with related security
requirements. Security rights are assigned to each security group. You can customize the rights assigned to
these site groups or add new site groups to combine different sets of rights. By default, WSS includes five site
groups: Administrator, Web Designer, Contributor, Reader, and Guest.
For more information on how security is applied in WSS, visit:
http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/default.mspx

Securing the network


In a network environment such as Business Portal, where users access data over an Intranet connection,
maintaining security is of utmost importance. You should have an in-depth understanding of all the
technologies and tools involved in securing your network prior to deployment.

Page 3
TCP/IP
TCP/IP must be running on the network that is used to access Business Portal. Organizations should use
some type of name resolution to identify each computer by having a server act as a domain name server or
by putting a hosts file on each client and server.

Domains
Domain controllers provide a convenient, secure way to log on to Business Portal. When users log on to a
domain, Business Portal can easily retrieve and verify those credentials. Business Portal requires that your
Web server, back office server, terminal services server, and client workstations all belong to a domain.

External connections to Business Portal


Business Portal currently operates in an intranet scenario only. If you are allowing intranet access to remote
employees, we require that you configure a Virtual Private Network (VPN) server to provide access and a
proxy server or firewall to secure it. A VPN encrypts all the traffic that travels over the Internet between two
predetermined end-points — the client’s Web browser and the Business Portal application server. VPNs are an
ideal solution where limited access to an intranet is required.

Securing the Web server


Authentication is the process of verifying the identity of user or a process. Microsoft Internet Information
Services (IIS) handles authentication for SharePoint Products and Technologies. To be authenticated, you
need a local user account or a domain user account (if in a networked domain).

SQL authentication
Business Portal requires that Microsoft SQL Server™ is using SQL authentication, so SQL Server must use
mixed-mode authentication.
When you install Business Portal, you’ll create a Business Portal logon, which is the account Business Portal
uses to access Solomon data in SQL Server. This user shouldn’t be used for any other purpose and the
password should be held securely.

Digest authentication
Business Portal also supports digest authentication, or enhanced security. If selected, users will be required
to enter their credentials when attempting to access the administration pages of Business Portal. Digest
authentication hashes, or encrypts, user credentials across the network and makes it virtually impossible for
hackers to reconstruct the credentials. We recommend using digest authentication if:
• Business Portal users have valid Windows user accounts stored in Active Directory® on the domain
controller with passwords stored in a reversibly encrypted (clear text) form.
• The Business Portal server is on a domain with at least one domain controller running Windows 2000
Server or later.
• Users need to be prompted for domain credentials when performing administrative tasks in Business
Portal.
• The users and the Web server are members of, or are trusted by, the same domain.

Business Portal and Internet Information Services (IIS)


IIS provides many services for Web applications such as Business Portal. During the portal installation, a
virtual directory called “BusinessPortal” is created in IIS. This directory folder maps to a folder on the server’s
hard disk that contains the portal Web pages. This redirection is a security mechanism that prohibits people
from identifying the location of portal page files on the Web server. We recommend using integrated
authentication for the Business Portal virtual directory.
To make your IIS servers as secure as possible, we recommend you use only the services that are required to
run Business Portal.

Page 4
The following services or subcomponents must be enabled for Business Portal:
• ASP .NET This component provides support for ASP .NET applications such as Business Portal. It is
required for both WSS and Business Portal installations and for accurate operation.
• ASP This component provides support for ASP applications such as Business Portal. It is required for
Project Self Service.
In addition, Microsoft FrontPage® 2002 Server Extensions must be disabled on the IIS Server before the
Business Portal virtual directory can be extended to WSS. See the WSS Administrator’s Guide for procedural
information.
Use the following recommendations regarding IIS to further secure the server:
• In the machine.config and Web.config files, determine whether debugging is enabled and whether
detailed error messages are sent to the client. Make sure that debugging is disabled on all production
servers and that a generic error message is sent to the client in the event of a problem. This avoids
unnecessary information about the Web Server configuration being sent to the client.
• Make sure that the IIS Web root is installed on a non-system NTFS partition for file system-level security.
A non-system partition is one other than the partition containing the operating system files (for example,
C:\Winnt).
• Make sure that the latest operating system and IIS service packs and hot fixes are applied. Check the
Microsoft Security & Privacy Web site (www.microsoft.com/security/default.asp) for the latest details.

Business Portal and Windows SharePoint Services


Business Portal runs on top of Windows SharePoint Services (WSS). Business Portal has its own user
management and role-based security, which is synchronized with WSS user and user group management to
simplify security administration.
Many of the features in Business Portal, such as document libraries, lists, announcements, links, and alerts,
are provided by WSS. To protect the security of your portal application:
• Install Microsoft Windows SharePoint Services and Business Portal on a server that has unnecessary
server computer and server site privileges disabled.
• Only give essential users privileges for Administrator, Web Designer, and Contributor site groups on the
Business Portal site. You can also grant user privileges to a single document library or list.
• Do not allow document libraries to contain .htm files. For details on blocking files with certain extensions
from being added to document libraries, see the WSS Administrator’s guide.
• Apply appropriate permissions to SharePoint Web Parts. By design, SharePoint Web Parts don’t have the
same role-based security attributes as Business Portal Web Parts. To secure SharePoint Web Parts,
ensure that SharePoint and Business Portal roles are synchronized. Make note of the groups that should
have permissions to the Web parts and apply the appropriate permissions.

Microsoft Internet Explorer


On the Business Portal Web server, Internet Explorer must be set to log on to the local intranet without
prompting the user for credentials. If Internet Explorer is set to prompt for a user name and password in the
intranet zone, Business Portal can’t be installed correctly. Once installed, you can reset the logon settings for
the zone.
Internet Explorer on portal workstations must be set so content is automatically refreshed. ActiveX controls
must also run on the Business Portal Web site to display Microsoft Outlook Web parts, the Business Portal
system shell, and query result viewers. Your client workstations must be set up to:
• Download signed ActiveX® controls
• Initialize and Script ActiveX controls not marked as safe
• Run ActiveX controls and plug-ins

Page 5
To avoid having to relax security in the Internet or Local Intranet zones of Internet Explorer in order to view
the Microsoft Outlook Web parts, Business Portal must be added to the list of Trusted Sites unless you use
Secure Sockets Layer (the default security level for Trusted Sites is lower than for the Internet or Intranet
zone).

Using Secure Sockets Layer (SSL)


We recommend you use SSL to secure the Business Portal Web site. SSL 3.0 secures the exchange of data
between clients and servers through an encrypted data stream. IIS 6.0 has a faster and more manageable
SSL implementation than previous versions, allowing administrators to more easily manage and use SSL
certificates on all their Web servers, as well as take advantage of third-party cryptographic service providers.
Certificates are issued by non-Microsoft organizations called certification authorities (CAs). The server
certificate is typically associated with your Business Portal Web server where you plan to configure SSL. You
must generate a request for a certificate, send the request to the CA, and then install the certificate to the
default Web directories, including Business Portal.
If administrators implement SSL after Business Portal has been installed, SSL connections must be enabled
on the portal Web server using IIS. Enable SSL connections by editing the XML in the
BusinesssFramework.config file to replace http with https and to replace the TCP port number with the SSL
port number.

Changing the port number


Some Web applications and databases that were configured to use default port numbers have been prone to
security issues. For example, a worm that searches for vulnerable database servers on the Internet might
examine only TCP Port 1433. By default, SQL Server uses this port number.
One way to protect Business Portal from automated attacks (such as viruses and worms) is to change the
default port numbers that the application and database servers use for communications.

Securing Business Portal


Web applications such as Business Portal interact with users and other systems using HTTP and Internet
Explorer. Therefore, Business Portal uses a security model based on user roles and data permissions,
providing users with the least amount of system privileges they need to do their jobs.
Roles With Business Portal roles, businesses can pinpoint the types of information and processes they
offer individual employees: salespeople can review quotas, query customer data, and enter orders.
Executives can review reports online or look up critical business information. Data permissions and page
permissions use roles to restrict access.
Page permissions Users are able to perform tasks in Business Portal based on their access to specific
Business Portal pages. Roles are used to provide page access. For example, the default Administrator
role has access to the Site Settings page.
Data permissions Once Business Portal users have access to Business Portal pages, data permissions
control the information that can be displayed on the page. If a portal user isn’t assigned to at least one of
the same roles as that data permission, that user won’t be able to access data through that data
permission.

Portal roles
Roles control the data, tasks, pages, and reports that users can access by displaying or hiding navigational
elements. For example, when a user logs on to Business Portal, the menu on the user’s Home page will
contain all the pages that the user can access based on the roles assigned to that user.

Page 6
Default portal roles and security permissions
Business Portal ships with several roles that have been preconfigured with access to appropriate pages and
data. These roles include typical functions that a user such as Sales Manager or Employee might have. By
default, role information is displayed on the role’s associated Center page. For example, users assigned to
the Accounting Specialist role will have access to the Finance Center page. However, the same users might
see different information on the Finance Center page, depending upon the data permissions assigned to
them.
The following table contains the default roles that are installed with Business Portal, including a description
of the role and the associated default page and data permissions. The additional roles installed with the
Project Self Service suite are also listed.
Portal role Description Associated page permissions Associated data permissions
Accounting Specialist Used to manage access to pages Finance Center, including: Account – All
and data (such as General Ledger Account History – All
Accounts page
account balances) provided for Account Subaccount – All
Cash page
members of your accounting Reports page Bank Reconciliation – All
department Batch – All
Financial Queries page
Cash Accounts – All
Cash Manager Transactions – All
Companies and Subaccounts – All
Daily Cash Balances – All
Entry Type – All
General Ledger Setup – All
General Ledger Transactions – All
GL Summary By Period – All
Ledger – All
Subaccount – All
Valid Company Accounts – All
Valid Company Subaccounts – All

Administrator Used to manage access to the Site Settings Center, including: N/A
entire Business Portal, including
Manage Business Portal Users page
page and data access for all users Manage Roles page
Manage Data Permissions page
Manage Navigation page
Manage Portal Pages page
Manage Back Office Pages page
Organize Queries page
Set Up Default Tasks page
Change Portal Logo page
Set Up E-Mail page
Set Up Back Office Terminal Server Access
page
Set Up Reports Catalog page
Manage Reports Catalog page
Report Scheduler page

Page 7
Portal role Description Associated page permissions Associated data permissions
Administrator Used to manage access to the Employee Center, including: N/A
entire Business Portal, including
My Profile page
page and data access for all users Pay page

Manager Center, including:


Manager Queries page

Finance Center, including:


Accounts page
Cash page
Reports page
Financial Queries page

Sales Center, including:


Customers page
Receivables Activity page
Documents page
Orders page
Customers Orders page
Reports page
Sales Queries page

Purchasing Center, including:


Vendors page
Payables Activity page
Payments page
Reports page
Purchasing Queries page

Inventory Center, including:


Items page
Reports page
Inventory Queries page

Payroll Center, including:


Employees page
Reports page
Payroll Queries page

Page 8
Portal role Description Associated page permissions Associated data permissions
Administrator Used to manage access to the Windows SharePoint Services N/A
entire Business Portal, including Administration pages, including:
page and data access for all users Manage Users
Manage Site Groups
Manage Cross-Site Groups
Web Part Gallery
Documents and Lists
Manage Web Discussions
List Template Gallery
Storage Space Allocation
Sites and Workspaces
View Site Hierarchy
Manage Site Collection Users
Site Usage Report
Modify Site and Workspace Creation
Site Template Gallery
My Alerts on this Site
Create Page
Modify Site Content
Regional Settings
Manage User Alerts
Configure Connection to Portal Site
Delete Web Site

Inventory Manager Used to manage access to pages Inventory Center, including: Inventory – All
and data (such as quantities and Order – All
Items page
pricing) provided for employees
Reports page
who manage inventory
Inventory Queries page
information

Manager Used to manage access to pages Manager Center, including:


and data provided for managers
Manager Queries page
within your company

Order Entry Clerk Used to manage access to pages Sales Center, including: Accounts Receivable Setup – All
and data provided for employees Customer – All
Customers page
who process sales orders Receivables Activity page Customer Adjustments – All
Customer Balances – All
Documents page
Customer Company Associations – All
Orders page
Customers Orders page Customer Documents – All
Customer History – All
Reports page
Customer Transactions – All
Sales Queries page
Order – All

Payroll Administrator Used to manage access to pages Payroll Center, including: Benefit – All
and data (such as employee and Check Stub Detail – All
Employees page
pay information) provided for Reports page Deduction – All
members of your payroll Earnings Type – All
Payroll Queries page
department Employee – All
Employee Benefits – All
Employee Documents – All
Employee Earnings and Deductions – All

Page 9
Portal role Description Associated page permissions Associated data permissions
Payables Specialist Used to manage access to pages Purchasing Center, including: Accounts Payable Adjusted Documents – All
and data (such as vendor Accounts Payable Setup – All
Vendors page
information) provided for Payables Activity page PO Address – All
members of your purchasing PO Receipt – All
Payments page
department PO Transactions – All
Reports page
Purchase Order Detail – All
Purchasing Queries page
Purchase Orders – All
Vendor – All
Vendor Adjustments – All
Vendor Balances – All
Vendor Company Associations – All
Vendor Documents – All
Vendor History – All
Vendor Received Transactions – All
Vendor Transactions – All

Reports Catalog Used to manage access to pages Set Up Reports Catalog page Report Catalog – All
Administrator and data used to set up and Manage Reports Catalog page ReportCatalog_RoleDAP
configure the Reports Catalog

Sales Manager Used to manage access to pages Sales Center, including: Accounts Receivable Setup – All
and data (such as customer or Customer – All
Customers page
order information) provided for Customer Adjustments – All
Receivables Activity page
sales managers within your Documents page Customer Balances – All
company Customer Company Associations – All
Orders page
Customer Documents – All
Customers Orders page
Reports page Customer History – All
Customer Transactions – All
Sales Queries page
Order – All
Sales Territory – All
Salesperson – All
Salesperson History – All

User All users added to Business Portal My Settings page N/A


automatically are assigned to the Benefits page
User role Policies page

If you install the Project Self Service suite, you will also have:

Project Executive Used to manage access to pages Project Center, including: Commitment Detail – All
and data for project executives Detail Transactions – All
Executive Project Analyst
within your company Project – All
Project Results – All
Project Account Category – All
Approvals page
Document Approvals page Project Analysis – All
Project Budget – All
Executive Line Item Approvals
Project Budget History – All
Queries
Project Commitment Summary – All
Reports
Project Employee – All
Project Extension – All
ReportCatalog_RoleDAP
Task Analysis – All
Task Budget – All
Task Budget History – All
Task Commitment Summary – All
Tasks – All
Tasks Extension – All
Transaction Analysis – All

Page 10
Portal role Description Associated page permissions Associated data permissions
Project Manager Used to manage access to pages Project Center, including: Commitment Detail – Business Manager
and data for project managers Commitment Detail – Project Manager
Project Analyst
within your company Project Results – Business Manager Detail Transaction – Business Manager
Detail Transaction – Project Manager
Project Results – Project Manager
Project – Business Manager
Approvals page
Document Approvals page Project – Project Manager
Project Account Category – All
Line Item Approvals
Project Analysis – Business Manager
Queries
Project Analysis – Project Manager
Reports
Project Budget – Business Manager
Project Budget – Project Manager
Project Budget History – Business Manager
Project Budget History – Project Manager
Project Commitment Summary – Business
Manager
Project Commitment Summary – Project Manager
Project Employee – All
Project Extension – Business Manager
Project Extension – Project Manager
ReportCatalog_RoleDAP
Task Analysis – Business Manager
Task Analysis – Project Manager
Task Budget – Business Manager
Task Budget – Project Manager
Task Budget History – Business Manager
Task Budget History – Project Manager
Task Commitment Summary – Business Manager
Task Commitment Summary – Project Manager
Tasks – Business Manager
Tasks – Project Manager
Tasks Extension – Business Manager
Tasks Extension – Project Manager
Transactions Analysis – Business Manager
Transactions Analysis – Project Manager

Page 11
Advanced portal roles
Portal users can be assigned to an advanced portal role which provides more granular data access. Portal
users are mapped to a back office ID, which provides the user with information only to that is specific to that
ID. For example, you can assign a portal user to the Employee advanced role, which allows you to associate
the user with a specific Solomon employee ID. Users can then access information such as pay stubs and time
off. The user will have access to his employee ID, but not any other employee’s information.

Default advanced roles and security permissions


The following table contains the default advanced portal roles that are installed with Business Portal,
including a description of the role and the associated default page and data permissions. The additional
advanced roles installed with the Project Self Service suite are also listed.
Note that some other Business Portal applications include additional page permissions and security
permissions, which are added to Business Portal when you install the applications. They are not listed here.
Advanced role Description Associated page permissions Associated data permissions
Back Office User Used to manage access via Report Scheduler page Report Request – All
Terminal Server and generate Solomon Screens – All
reports

Customer Used to manage access to pages N/A N/A


and data provided for your
company’s customers; can be
linked to Customer ID

Employee Used to manage access to pages Home page Benefit – All


and data (such as pay) provided Check Stub Detail – Restricted
for all employees within your Employee – Restricted
Employee Center, including:
company; can be linked to Employee Benefits – Restricted
Employee ID in Solomon My Profile page Employee Documents – Restricted
Pay page Employee Earnings and Deductions – Restricted

Salesperson Used to manage access to pages Sales Center, including: Accounts Receivable Setup – All
and data (such as sales or Customer – All
Customers page
customer information) provided Customer Adjustments – All
Receivables Activity page
for salespeople within your Customer Balances – All
Documents page
company; can be linked to Orders page Customer Company Associations – All
Salesperson ID in Solomon Customer Documents – All
Customers Orders page
Customer History – All
Reports page
Customer Transactions – All
Sales Queries page
Order – All
Orders – Restricted to Salesperson's Customers
Sales Territory – All
Salesperson – All
Salesperson – Restricted
Salesperson History – All
Salesperson History – Restricted

Vendor Used to manage access to pages N/A PO Address – Restricted


and data provided for your PO Receipt – Restricted
company’s vendors; can be linked PO Transactions – Restricted
to Vendor ID in Solomon Purchase Order Detail – Restricted
Purchase Orders – Restricted
Vendor Received Transactions – Restricted

If you install the Project Self Service suite, you will also have:

Project Employee Used to manage access to pages Project Center, including: Task Assignment (View) - All
and data provided for project Task Assignment (View) - Manager View
Time
employees within your company;
Expenses
can be linked to Project Employee
Communicator
ID in Solomon Assignments

Page 12
Data permissions
Just because two users are from the same department doesn't automatically mean they should have the
same permissions. Access to secure information should be granted on an individual, need-to-know basis, not
by a whole department. This can be accomplished using data permissions.
Data permissions provide read and write access, read-only access, or customized access to back office data.
Permissions can be further refined to provide access to specific rows of data. This data is displayed to the
Business Portal user through the portal’s various query functions. For example, an administrator could set up
a row-level restriction so that a user assigned to the Salesperson role could view only the customers assigned
to his or her specific territory. The restriction is, in effect, specifying which rows from the Customer SQL table
will be displayed.
Only users in the Administrators group can create data permissions for business entities, which are
components that store data such as customer IDs and orders, and processing capabilities that can act on
that data. Typical Business Portal users cannot create their own data permissions.
When administrators create data permissions, they specify:
• Which attributes from the business entity can be accessed
• Which rows from the corresponding SQL table will be accessed (if using the BPSDK)
• Which roles have access to the data permission

Query Web Service


Business Portal’s Query Web Service (QWS) enforces security through the use of data permissions. Query
Web Service is a component service of the Microsoft Business Framework. Business Portal uses the service
to locate and display information from the back office to the portal user.
QWS listens for messages from Business Portal (requests for data) and passes back the requested
information. Messages are sent between Business Portal and the Web service using Extensible Markup
Language (XML) and standard HTTP protocol.
Business Portal ships with a number of predefined Query pages and queries that are used to perform
searches and retrieve data in Business Portal. In addition, pre-built queries are also shipped for use with the
various Web Parts. Each predefined query page is specific to a role.

Report permissions
The Business Portal Reports Catalog is a folder on a server that contains back office reports that can be
viewed through Business Portal. A “Top 5 Reports” Web Part appears on each portal Center page and
contains links to back office reports that are stored in the folder. Users can also access Reports from the
center pages of Business Portal.
The Reports folder is a shared folder on the network. In addition to the security granted during installation,
only the user that runs Solomon Application Server should be given write access. The “Everyone” and
“Anonymous User” groups should not have access to the shared reports folder. Business Portal
administrators assign permissions to view reports by assigning roles to the reports.

Terminal services
Windows Terminal Server (WTS) can be used in conjunction with Business Portal to provide access to
Solomon windows from Business Portal Web pages. Portal users must be assigned to the BackOffice User
role and have a corresponding back office user ID in order to view back office windows in Business Portal.
A terminal services connection is commonly called “thin client” access. Once Business Portal connects to the
Solomon back office, windows from the Solomon application can be displayed in the client browser. All
system functions run on the terminal services server.
In order to preserve back office performance and security, WTS must be implemented on a server separate
from both the Business Portal and database servers.

Page 13
●●●●●

Disclaimer
© 2005 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, FrontPage, SharePoint, Windows, and Windows Server are either
registered trademarks or trademarks of Microsoft Corporation or its affiliates in the United States and/or
other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective
owners.

The information contained in this document represents the current view of Microsoft Corporation on the
issues discussed as of the date of publication. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot
guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR
IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights
under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system,
or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise),
or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights
covering subject matter in this document. Except as expressly provided in any written license agreement from
Microsoft, the furnishing of this document does not give you any license to these patents, trademarks,
copyrights, or other intellectual property.

Page 14

You might also like