Microsoft's Knowledge Management Platform
Knowledge management is first and foremost a management discipline that treats intellectual capital as a managed asset. The primary "tools" applied in the practice of knowledge management are organizational dynamics, process engineering, and technology. These three work in concert to streamline and enhance the capture and flow of an organization's data, information and knowledge and to deliver it to individuals and groups engaged in accomplishing a specific item of work. These individuals, or knowledge workers, are unequivocally the most vital resource in the 21st century company. The primary goal of knowledge management is to deliver the intellectual capacity of the firm to these individuals who day-to-day make the decisions that in aggregate determine the success or failure of a business.
Knowledge management is not about creating a central database that is somehow a complete replica of all that is known by employees or that is embedded in the systems they use. On the contrary, knowledge management is about embracing a diversity of knowledge sources, from databases, web-sites, employees and partners, and cultivating that knowledge where it resides, while at the same time capturing its context and giving it greater meaning through its relation to other information in the company. Knowledge management is not about turning knowledge workers into interchangeable components by plugging them into some corporate knowledge base. Knowledge management in essence is about fuelling what we do best as knowledge workers, what Bill Gates refers to as "thinking work". It is about making technology a partner with culture and business process, and using it as the vehicle to manage and deliver the business information and co-worker expertise to the most fundamental driver of business growth: the knowledge worker.
Microsoft's Knowledge Management Platform
Microsoft's knowledge management platform is designed to provide increasingly mobile knowledge workers with rich and focused access to information and experts at any time or in any place. By combining and synthesizing information from across a corporation's legacy and cutting edge systems, Microsoft is helping to provide knowledge workers with a unified view of their customers, their learning and their business.
Microsoft’s Knowledge Management Platform is composed of four primary components:
· Devices allowing people access to corporate information anytime and anyplace
· Knowledge Tools enabling greater interaction with people and information within familiar tools
· Knowledge Services delivering more focused and relevant information
· System Services making possible more integrated solutions through a common foundation
This document will describe how each of these components works together to provide knowledge workers with a unified view of everything they need to know about their organization.
Access to Knowledge Anytime and Anyplace
With an increasingly mobile workforce, corporations are finding the need to support a wide variety of unrelated and un-standardized devices. Microsoft is working to broaden its Microsoft Windows® operating system family to a whole new generation of devices for knowledge workers that provide a familiar interface to information no matter where they are. And because these devices are based on a common operating system, managing and supporting them is easier and less expensive.
Making a better device starts with a familiar interface, like a telephone keypad, and pleasantly surprises people with features that are intuitive and take the device to a new level of usefulness. Better devices make it easier to have information at your fingertips and communicate with others. The end result is that people and businesses save time and money, work more productively, and are more organized.
Microsoft Windows® CE is an operating system that was designed to be the basis for many radically different types of devices. The approach was to create a foundation of software building blocks that could be assembled in many different ways to create new devices. This meant that if you wanted to build a device, you could pick and choose only those pieces you needed and keep the size of your software consistent with the size of your device.
Rather than create new tools and new interfaces for programmers to use in their applications, Windows CE was built on the experience base of the development community. It uses a subset of the Microsoft Win32® application programming interface (API) that is used on Windows-based desktop and server computers. Developers can use the same development tools, such as the Microsoft Visual C++® or Microsoft Visual Basic® development system, and communications protocols to create applications for Windows CE-powered devices.
Companies that build electronic devices today can standardize on this open Windows CE platform, making it easier to find people with development expertise in Windows, get them up and running on a project, and have them easily shift between projects when needed. With more than 5 million developers worldwide using Win32, there are many experienced programmers who already know how to develop for the Microsoft Windows CE platform, which lowers training costs and shortens your time to market.
ClearType: ClearType™ font technology improves display resolution by as much as 300 percent and works especially well on existing LCD devices, including desktop panels, laptops and smaller devices such as Handheld and Palm-size PCs. By profoundly improving the on-screen reading experience, ClearType font technology enables new product categories such as tablet PCs that will allow knowledge workers to further reduce the number of paper based forms and documents they need. Reducing paper processes is a key part of helping information travel faster and increasing the reactive capabilities of organizations.
Microbrowser: Intended to be available on a wide variety of phone handsets, pagers, and other lower powered data devices, Microsoft microbrowser technology is fully compatible with the current standards for Internet content and session protocols. Delivered as a source code product, the microbrowser technology will feature a componentized architecture, which can be factored to fit the target device's resources and capabilities.
Familiar Tools for Knowledge Creation and Sharing
The combination of Microsoft Office 2000 and the Outlook® 2000 messaging and collaboration client provides a rich portal and set of tools for working with any information on the Internet and Intranet, including mail, databases, real-time collaboration and documents, allowing users to seamlessly create and manage any type of knowledge asset no matter where it is stored. As a standalone tool in any organization, Office provides many of the knowledge management capabilities a team or department needs–from document-based collaboration to sophisticated business applications built with Microsoft Access 2000. The true power of Office, however, is its ability to seamlessly connect to people, content and data in enterprise systems. It is this capability – to span from the team to the enterprise with a single set of familiar tools–that makes Microsoft Office 2000 the core of any knowledge management solution.
Outlook Today: A Digital Dashboard
Microsoft Office 2000 Premium Edition, which includes the FrontPage® 2000 Web site creation and management tool, enables individual teams to build and deploy simple collaborative workspaces using a Web infrastructure combined with the familiar Office personal productivity applications. These workgroup Webs provide a dynamic place where knowledge workers can easily share documents and the ideas that surround these documents in a web-based environment, resulting in a collaborative work environment that fosters superior team output.
Office Workgroup Webs provide the following functionality:
· Working Offline
· Assign-To & Review
· Web Discussions
· Document Check-In/Check-Out
· Subscription and Notification
· NetMeeting® conferencing software
Working Offline: Documents can be marked in order to be available for offline editing to allow the user to work on the document when disconnected from the network. When the user is working online again, all files will be synchronized so that if the user's copy has changed, the server copy will be updated (or vice versa). This process also allows for the detection and full resolution of conflicts if both the server copy and user copy have been modified.
Check-In/Check-Out: Working in teams is made easier in FrontPage 2000 with Check In/Check Out. This allows a user to reserve a file that only they can edit in the FrontPage-based Web. This prevents another user from saving edits on top of the file they are currently working on, and helps preserve the right versions of files. For example, in a busy team with different people working on various Web site elements, one user could check out a file to work on, and if another user tried to work on that page, they would be notified that another user had the file checked out. Also, a user could check out a file, make changes, and undo the checkout to automatically revert to the previous version of the file.
Assign-To & Review: FrontPage 2000 allows users to quickly assign responsibility for a page to a team member when pages are saved, and even set up and assign approval levels or stages in their own publishing process. For example, a team might follow a standard process whereby one person writes the pages, then assigns them to the editorial team to check for accuracy, then sends them to the legal department for approval, then to the Webmaster, and finally for the OK to publish. With FrontPage 2000, it's easy to add Editorial, Legal, Webmaster, and OK to Publish stages to the page properties so users can track where specific pages are in their own company's publishing process.
Web Discussions: With Web Discussions, users can make comments on Web documents, thereby working together to create new content or comment on existing content. Because the comments are stored in a database, the original Web document is never altered. With Web Discussions, workgroups can easily review and comment on new policies, programs, and products. An author can get feedback from the workgroup before publishing a new policy, and even get corporate-wide feedback once the policy has been published without risking changes to the original document. There is even an option to allow discussions on documents located on the network or on Internet servers, although it can be disabled if security is a concern.
Subscription and Notification: The Subscription and Notification feature of Office Server Extensions allows a user to subscribe to a document, folder, or discussion and have an electronic mail automatically sent to them when any changes are made to the document or new content is added to the folder. The user can choose the frequency of the notification so that they get timely notice of changes to discussions, files, or folders without having to remember to regularly check these items. Consequently, team members are able to stay on top of the latest information, and contributions are incorporated quickly and efficiently.
NetMeeting: All Office 2000 applications include a Conference command that invokes NetMeeting conferencing software and enables group meetings to be conducted over the Internet or the corporate network while sharing the current document with one or more people using the Chat or Whiteboard tools. In addition, the PowerPoint® presentation graphics program now makes it possible to broadcast a slide presentation with live narration over the Web. This means that group meetings can occur without the unnecessary and expensive overheads of time, travel and accommodation for geographically dispersed teams.
Following the release of Outlook 2000 and taking advantage of its advanced collaboration features and web integration, Microsoft will provide a Team Folders Wizard that eases the creation and deployment of team-based applications. Because they are based on the Outlook integration with Exchange, the wizard will take advantage of the Microsoft Exchange native collaboration objects such as shared calendar, tasks, discussions and documents. All of these applications will be built on improvements in the Outlook object model, the Outlook View control, for web-integration, and the new Outlook Folder Home Pages.
The set of out-of-the-box applications will be provided for the creation of the most common collaborative scenarios and the use of a Wizard will help to speed the end-user creation and customization of the applications. The following useful applications will be supported:
· Team Project
· Discussion Forums
· Frequently Asked Questions
· Document Management
· Team Tasks
· Shared Contacts
Each application has a series of standard pages stored in the specified folder, including a Welcome page, Instructions, “What's New”, Frequently Asked Questions, Related Content, Help and an Administrator's page. The Main Page for the application will provide links to these other pages with View Tabs to view the different areas and create new items for submission as well as other appropriate actions for the application.
The applications are further customizable with the Outlook Design Environment and web development tools such as Microsoft's Visual InterDev to enhance the user interface and provide additional functionality. Exchange Server scripting can also be used to add server-side business logic.
Outlook Folder Home Pages: Outlook Folder Home Pages are standard HTML pages that are associated with Exchange Server's private or public folders. These can be used to enhance Public Folder applications with the flexibility of HTML and scripts and allow the creation of sophisticated, easy-to-use team-based applications. The Internet Explorer DHTML rendering engine is used to allow web pages to be viewed in the Outlook 2000 right-hand pane. Although this supports the Internet Explorer security zones, this is not intended as a replacement for the corporately deployed web browser for general browsing and execution of web-based applications.
Sharing learning from experiences and creating a corporate memory are critical components of a knowledge management strategy. The ability to share experiences by publishing them to central locations in a form that anyone can read is central to making sure that people are spending time innovating, not recreating.
Save as HTML and Save to HTTP: With Office 2000, saving HTML pages to web servers is now as easy as saving a Word document to a hard drive. This makes it possible for knowledge workers to directly open, add and edit their thoughts to documents stored in centralized web servers without losing any richness in the document. As content management models move towards web-based publishing, this means that Office can serve as the content editing tool on these next-generation solutions.
XML Tagging: When Office documents are saved as HTML pages, all of the document's properties (author, date modified, company, source, etc.) are saved using XML tags. In addition, any objects saved within the documents are also tagged using XML. Using these standards-based tags will support new, more sophisticated document management solutions such as compound document systems.
WebDAV Support: Office 2000 now includes support for the WebDAV standard. WebDAV works behind the scenes over the HTTP protocol, giving Web authors a single, consistent way to access and write documents residing on remote servers from multiple vendors. WebDAV also "locks" documents to prevent users from accidentally overwriting each other's changes. In addition, WebDAV improves navigation and manageability through documents and their properties, allowing users to navigate a WebDAV-compliant server and view the server as if it was a part of the local file system.
For example, users will be able to drag and drop files and perform other file system-related tasks such as moving, copying and saving files seamlessly between local files and remote WebDAV-compliant servers. In addition, users can create, remove and retrieve properties about Web pages in a consistent way. Moreover, the WebDAV initiative plans to address versioning, though the current specification does not provide for it.
Because WebDAV is built on HTTP 1.1, it can be supported on virtually any Web server in use today. XML and XML Namespaces, open standards from the World Wide Web Consortium (W3C), are used to specify and retrieve document properties, making the navigation and manageability of Web-based documents easier. Because WebDAV is based on extensible technologies such as HTTP and XML, it will be easy to extend in the future.
Employees need to be able to easily obtain data for analysis using familiar tools. Employees should not have to rely on the management information services (MIS) department to create complex front ends to corporate databases. By using Office applications, employees have full access to data and the tools to analyze industry-wide, corporate and even departmental data. In addition, employees should be able to communicate and collaborate on data analysis, real-time, with other employees–either from headquarters or remotely.
Corporations increasingly use Microsoft Excel to access their enterprise data. Excel 2000 responds by adding new support for server-based data access.
· OLAP PivotTable® & PivotChart™ Views. This new functionality enables users to create PivotTable views against any OLEDB for OLAP provider, such as Microsoft SQL Server™. The Microsoft OLEDB provider for MSOLAP and the OLAP Cube Wizard in Microsoft Query can be used to create OLAP PivotTable views against any ODBC compliant data source.
· OLEDB and ADO Support. Excel 2000 supports OLEDB and ADO for better performance against SQL server and other OLEDB providers, giving users a simpler interface to their corporate data stored in SQL Server. Supporting ADO also means that developers have programmatic access to any OLEDB provider through Excel 2000.
· Large Data Stores. A client/server approach enables Excel 2000 to deal more effectively with large databases on the server. It only brings to the client the aggregate of the data that the user wants to see, not the entire data set. Excel 2000 also takes advantage of OLAP technology that stores data in a hierarchy. Extremely large data sets are presented to the user in the form of their hierarchical categories. As users drill down into data to gather insights about the business, the data is presented as tree views that can be manipulated in a number of ways to track the relationships between different parts of the dataset.
Office users who create spreadsheets and databases have special challenges and opportunities when sharing documents on the Web. Unlike a word processing document, much of the value of sharing a spreadsheet or database lies in allowing other users to interact with the document and tailor it to their own needs.
For example, if you create a spreadsheet to analyze a product's profitability given various input costs, an important aspect of sharing that spreadsheet is enabling other users to enter new values and recalculate the results. Likewise, if you create an Excel PivotTable dynamic view or Access form, report, or query, an essential part of sharing these documents is allowing other users to sort, filter, pivot or enter new values themselves. Publishing a spreadsheet or database document to the Web is only half the story. The other half is enabling other people to interact with the published document and garner information specific to the viewer, not just the publisher.
The new Office Web Components are a collection of controls for publishing spreadsheets, charts and databases to the Web, taking full advantage of the rich interactivity provided by Microsoft Internet Explorer version 4.01 and higher. When users browse a Web page containing an Office Web Component with Internet Explorer, they can interact with the page right in their browser, sorting, filtering, entering values for formula calculations, expanding and collapsing details, pivoting, etc.
Office 2000 includes three new Office Web Components that make data available through a browser. These components are:
· Spreadsheet component
· Chart component
· PivotTable component
The Spreadsheet component provides basic spreadsheet functionality in the browser, allowing users to enter text and numbers, create formulas, recalculate, sort, filter and perform basic formatting. It supports frozen panes for keeping header rows and columns visible while scrolling through data, as well as in-cell editing and resizable rows and columns.
The Chart component provides interactivity and automatic updates as the underlying data changes.
The PivotTable component is very similar to PivotTable views in Excel and provides a dynamic way to view and analyze database information in the browser. The PivotTable component is created in either Microsoft Access or Excel and resides on a Data Access Page. This component lets users browse report data, dynamically sort and filter it, group it by rows or columns, create totals and focus on the details behind the totals. It helps users work efficiently with large or small amounts of data. Though the author of the Data Access Page decides what will be the initial view, the user can access the Field List to drag and drop the dynamically linked fields directly onto the page.
The Microsoft Office Web Components are tightly integrated with the Office 2000 applications to enhance Web publishing and browsing. They augment Excel and Access, enabling Office 2000 users to create new, interactive Web-based scenarios while preserving and enhancing their investment in Office training and expertise, and their existing Office documents.
Better Decisions from Better Information
The Knowledge Services component of the Knowledge Management platform provides the intelligence for managing, organizing and delivering information in more targeted ways than has ever been possible before. These services are capable of aggregating information from virtually any source, refining it based on intelligent categorization and then delivering it to a knowledge worker based on their needs or preferences.
The core knowledge services that provide this functionality are as follows:
· Capture, Search and Deliver
· Content Management
· Business Intelligence
· Tracking and Workflow
The foundation for these services is a dual store strategy that provides the choice of two distinct, yet fully integrated, storage engines that give Microsoft customers unparalleled flexibility in the organization and delivery of information. Going forward these two storage engines, the relational store in SQL Server 7.0 and the collaborative object store in Exchange, will become even more deeply integrated as Exchange embraces the OLE/DB and ADO standards for data access. This will allow developers to seamlessly integrate data from collaborative and line-of-business based applications. This approach addresses the need for a collaborative store with standardized business objects that allows for rapid development of collaborative solutions, and a relational store for data warehousing and line of business application support. By providing a layer of abstraction on these stores – so that they can be seamlessly searched, accessed and programmed against for workflow – Microsoft is enabling partners and customers to reap the benefits of both storage models.
As it stands today, searching often takes too much time because information is both scattered across multiple structured and unstructured data stores and is often not organized into clear categories. Searching can be the last resort and it typically returns too many results to be useful. People are often spending too much time searching for content when they could be working with the content. Microsoft Site Server 3.0 provides a set of powerful tools for gathering and distributing knowledge across an organization.
Content for indexing is acquired with “crawlers” that access various types of content repositories. Many more information sources can now be accessed and the list that can now be crawled includes:
· File systems
· Web sites (Internal and External)
· Databases (via OLE DB 2.0 / 2.5 and thus ODBC)
· Exchange Public Folders
The crawler maintains the security context defined in the file systems, web sites, databases and Exchange Public Folders. Maintaining the security context enables access controls to be respected and enforced when the user is searching for content. This means that people are unable to circumvent the organization's security restrictions. Note that because the protocol handler can be customized and extended, arbitrary information stores can also be included in the indexing process.
Before Site Server 3.0, it was difficult to produce more than a static site that behaved identically for every user. Site administrators who attempted more than this typically had to build custom solutions to personalize sites and maintain secure areas on their site. Building these custom solutions required hiring outside consultants or developing, testing, and debugging the code in-house, which is a costly process. While a small number of high-end sites can afford these large investments, most sites do not offer personalization or membership features. Site Server 3.0 offers easy-to-use tools that enable all sites to add capabilities that were previously not feasible and allow larger sites to reduce their infrastructure development and maintenance costs and streamline their operations.
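A minimal model of the security-trimmed search described above, added here as an illustration and not Site Server code: the index stores each item's access control list at crawl time and filters hits against the searching user's identities at query time. The URIs, principals and class names are constructed, and the deny-before-allow rule is an assumption modelled on Windows ACL evaluation.

```python
import re
from dataclasses import dataclass

TOKEN = re.compile(r"[a-z0-9]+")


@dataclass(frozen=True)
class Acl:
    """Access control snapshot captured from the source at crawl time."""
    allow: frozenset
    deny: frozenset = frozenset()

    def permits(self, principals: frozenset) -> bool:
        # Assumption: an explicit deny overrides any allow entry.
        if self.deny & principals:
            return False
        return bool(self.allow & principals)


class TrimmedIndex:
    """Inverted index that keeps the ACL of every crawled item."""

    def __init__(self):
        self._acl = {}        # uri -> Acl
        self._terms = {}      # uri -> set of terms (needed to re-crawl cleanly)
        self._postings = {}   # term -> set of uris

    def remove(self, uri):
        for term in self._terms.pop(uri, set()):
            self._postings[term].discard(uri)
        self._acl.pop(uri, None)

    def crawl(self, uri, text, acl):
        # A re-crawl replaces both the content and the stored ACL.
        self.remove(uri)
        terms = set(TOKEN.findall(text.lower()))
        self._acl[uri] = acl
        self._terms[uri] = terms
        for term in terms:
            self._postings.setdefault(term, set()).add(uri)

    def search(self, query, user, groups=()):
        terms = TOKEN.findall(query.lower())
        if not terms:
            return []
        # All query terms must match (AND semantics).
        hits = set.intersection(*(self._postings.get(t, set()) for t in terms))
        # Trim: only return items the caller could open at the source.
        who = frozenset({user, *groups})
        return sorted(u for u in hits if self._acl[u].permits(who))


def build_sample_index():
    """Constructed corpus: one file share item, one web page, one public folder."""
    idx = TrimmedIndex()
    idx.crawl("file://fs01/hr/salary-review.doc",
              "Salary review for 1999",
              Acl(frozenset({"HR"}), frozenset({"Contractors"})))
    idx.crawl("http://intranet/policies/salary-bands.htm",
              "Published salary bands policy",
              Acl(frozenset({"Everyone"})))
    idx.crawl("exchange://public-folders/sales/leads",
              "Sales leads and salary commission notes",
              Acl(frozenset({"Sales", "alice"})))
    return idx


if __name__ == "__main__":
    idx = build_sample_index()
    for user, groups in [("alice", {"HR", "Everyone"}),
                         ("bob", {"Sales", "Everyone"}),
                         ("carol", {"HR", "Contractors", "Everyone"})]:
        print(user, idx.search("salary", user, groups))
```

Because the stored ACL is a crawl-time snapshot, a permission tightened at the source takes effect in search results only after the item is re-crawled.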
Site Server 3.0 provides a powerful and customizable solution for organizations to personalize content for visitors and to provide secure content based on membership on a site. In this version, Site Server adds many new features to the Personalization Server and introduces the Membership Server.
Several of the Site Server Personalization Server and Membership Server features directly address the three needs described above. The features deliver the following benefits:
· Direct mail: Deliver personalized content directly to knowledge workers through e-mail. People can be targeted precisely based on their actual usage patterns on the site. The targeted e-mail can be sent on an administrator-defined schedule.
· Personalized content: Present knowledge workers with the content that is most relevant to their needs.
· Members-only areas: Provide members-only parts on a site to which the right users are granted access.
These benefits are provided through two main feature areas:
· Personalization: Features that allow different content to be offered automatically to different users, based on their needs and preferences, and using a variety of delivery mechanisms. New tools and features included in Site Server 3.0 make it easy to build rules governing personalized content, to deliver content by email, and to store user profiles in the Membership Directory.
· Membership: Features that allow organizations to register users and manage user data, protect and share user data, verify users' identities, and control access to content on a site. All user information is stored in a highly scalable, standards-compliant LDAP directory based on SQL Server. This entire feature area is new in Site Server 3.0.
The core component of Microsoft's collaboration platform is Exchange Server, and, in particular, Exchange Public Folders. Public folders are storage areas held on Exchange Servers where information can be grouped according to some criterion and then shared amongst an organization's users. Many kinds of information can be stored in public folders, from e-mail messages to graphics and sound bites. Public folders also can contain custom forms that serve as a base for creating applications such as bulletin boards, discussion forums, customer tracking and electronic Help desks.
Users can organize and control their view of a public folder in ways that are appropriate for their individual needs. By sorting and grouping specific characteristics of a public folder's contents, users have direct access to the precise types of information they need. Users can also add the public folders they use most frequently to their list of public folder favorites providing a quick and easy way to access their information.
Public folders can also be replicated to other Exchange Servers to provide the same information as the original public folder. This can be used to provide automatic load balancing for user requests, increased availability in a wide area network and a greater tolerance towards planned and unplanned system outages.
Microsoft Exchange and Outlook have a number of pre-defined business objects that allow users to instantly begin sharing and organizing information. These objects are the same as those provided for a user's private use in their Outlook Mailbox, which greatly minimizes end-user training. The table below defines the Outlook and Exchange business objects and their typical usage in a public folder:
Users can share, post, and update schedules for activities such as training classes, sporting events, and company functions. For example, product launch milestones such as trade shows, product ship dates, or press tours can be posted to a Calendar folder for group viewing.
Team members can share a common task list that displays who is responsible for a task and the status of the task. For example, a project manager can create a public Tasks folder that team members can update when tasks are completed or significant progress is made. This provides the product manager with up-to-date information on the status of a project.
Users can add to, update, and share a list of contacts. For example, the sales department can share a list of leads, or the entire company can share a list of vendor contacts.
Users can log and track information such as the amount of time an individual spends on a particular task, on a project, or with a specific customer. You can set the Journal to automatically log and store Office documents, contact calls, e-mail, and other communications.
This is the graphical interface equivalent of self-stick notes. The color and category can be customized for easy retrieval, and the note can be forwarded as a message.
Discussion group applications enable users to conduct online discussions. Users do not need to co-ordinate their schedules to be online simultaneously because they are communicating asynchronously using post forms. Post forms are used to place items in a folder and to post responses to items in a folder. Discussion group applications serve as the foundation for creating threaded conversations, so users can view the history of responses to a particular item.
Microsoft Exchange is also an excellent back-end store for web applications. Because it holds extended properties in its schema, it can provide more detailed metadata about documents and other objects than the file system. In addition, knowledge workers can interface with the public folder hierarchy through either Outlook, Outlook Web Access or a custom browser front end.
Microsoft Exchange and the Web
Almost all of the Microsoft Outlook functionality is also available from web browsers through Microsoft Internet Information Server. Server-resident components in the form of a series of Active Server Pages interact with Collaboration Data Objects (CDO) to render and access users' mailboxes as well as Public Folders. This allows organizations to integrate access to messaging components from web-based applications.
Microsoft NetMeeting delivers a complete Internet conferencing solution for Windows with which users can experience the benefits of a real-time, multipoint communication and collaboration client. NetMeeting provides powerful conferencing functions in a complete, integrated package for the Internet or corporate Intranet. This product helps users to take full advantage of the corporate Intranet to communicate and collaborate more effectively in real time.
The following standards-based capabilities are integrated together with NetMeeting:
Support for multipoint data conferencing allows two or more people to communicate and collaborate as a group in real-time over the Internet or corporate Intranet. NetMeeting enables users to work together by sharing applications, exchanging information between shared applications through a shared clipboard, transferring files, collaborating on a shared whiteboard, and communicating with a text-based chat feature.
The following features comprise multipoint data conferencing:
Application sharing. You can share a program running on one computer with other participants in the conference. Participants can review the same data or information, and see the actions as the person sharing the application works on the program (for example, editing content or scrolling through information). Participants can share Windows-based applications transparently without any special knowledge of the application capabilities.
The person sharing the application can choose to collaborate with other conference participants, and they can take turns editing or controlling the application. Only the person sharing the program needs to have the given application installed on their computer.
Shared clipboard. The shared clipboard enables you to exchange its contents with other participants in a conference using familiar cut, copy, and paste operations. For example, you can copy information from a local document and paste the contents into a shared application as part of a group's collaboration. This capability provides seamless exchange of information between shared applications and local applications.
File transfer. With the file transfer capability, you send a file in the background to one or all of the conference participants. You can right-click on a person in the conference and choose to send him or her a file, or you can drag a file into the Microsoft NetMeeting window and have a file automatically sent to each participant in a conference, who can then accept or decline receipt. The file transfer occurs in the background as everyone continues sharing an application, using the whiteboard, or chatting. This file transfer capability is fully compliant with the T.127 standard.
Whiteboard. The whiteboard program is a multi-page, multi-user drawing application that enables you to sketch diagrams, organization charts, or display other graphic information with people in a conference. Whiteboard is object-oriented (versus pixel-oriented), allowing users to move and manipulate the contents by clicking and dragging with the mouse. In addition, you can use a remote pointer or highlighting tool to point out specific contents or sections of shared pages. This capability extends the application-sharing feature of NetMeeting by supporting ad hoc collaboration on a common drawing surface.
Chat. A user can type text messages to share common ideas or topics with other conference participants, or record meeting notes and action items as part of a collaborative process. In addition, participants in a conference can use chat to communicate in the absence of audio support. A new "whisper" feature lets you have a separate, private conversation with another person during a group chat session. From the Chat window, simply click on the person's name in the Send To list, and type your private text message that only you and the selected person will see.
With a video capture card and video camera, you can send and receive video images over the Internet or corporate Intranet for face-to-face communication during a meeting. You can receive video even if you do not have a camera connected to your computer. In addition, you can utilize the video conferencing capability to take a snapshot picture with your video camera and place the image on the whiteboard for further discussion or mark-up.
With NetMeeting, you can send and receive real-time visual images with another conference participant using any Video for Windows-compatible equipment. You can share ideas and information face-to-face, and use the camera to instantly view items, such as hardware or devices, that you choose to display in front of the lens. Combined with the audio and data capabilities of NetMeeting, you can both see and hear the other conference participant, and share information and applications.
NetMeeting supports the H.323 standard for audio and video conferencing that allows it to interoperate with other compatible videophone clients, such as the Intel Internet Video Phone.
NetMeeting supports video capture cards and cameras that are compatible with Video for Windows drivers. This includes most commonly available video hardware. High-quality, real-time video images can be achieved using a standard 28.8 kbps modem Internet connection, IP over ISDN connection, or local area network (LAN) connection, and the size of the video window can be dynamically changed to reduce or enlarge the sent images.
NetMeeting video functions integrate with system policy support in the Windows NT® 4.0 operating system. This allows organizations to centrally control and manage video settings for their user communities.
With its support for Intel's MMX technology, specialized NetMeeting for MMX codecs provide enhanced performance for video compression and decompression as well as providing lower CPU utilization and improved video quality during a call.
With a sound card, microphone, and speakers, NetMeeting lets you talk to business associates over the Internet or corporate Intranet in real-time. During a conversation, you can utilize the data or video conferencing capabilities in NetMeeting to enhance your communication.
Real-time, point-to-point audio conferencing over the Internet or corporate Intranet enables you to make voice calls to associates and organizations around the world. NetMeeting audio conferencing offers many features, including half-duplex and full-duplex audio support for real-time conversations, automatic microphone sensitivity level setting to ensure that meeting participants hear each other clearly, and microphone muting, which lets you control the audio signal sent during a call. This audio conferencing supports network TCP/IP connections.
Exchange Server 5.5 is the leading messaging and collaboration product on the market today, providing a highly reliable and scalable platform for email, group scheduling, collaboration and applications such as workflow and routing. The next version of Exchange, code-named “Platinum,” will advance the state-of-the-art in messaging and collaboration by introducing many important new features, increasing performance and enhancing the integration with other products, specifically Microsoft Windows 2000 and Microsoft Office 2000.
Platinum is the fourth release of Microsoft Exchange Server, and includes major new advances in many areas of the product. The key design goals for the Platinum release of Exchange Server are:
· Refine Exchange's architecture to provide customers with even greater levels of reliability, security and scalability, and make the product easier to administer through tighter integration with Windows.
· Expand the product's use of Internet standards such as SMTP, LDAP and HTML to increase performance and to provide new levels of integration with the Internet and corporate Intranet.
· Enhance the collaboration capabilities of the product, enabling customers to expand their use of Exchange, the BackOffice® family and Office 2000 as a platform for a wide range of business solutions.
· Establish a foundation for advanced communication, providing a single platform for “anytime, anywhere” productivity through a wide range of devices and new forms of collaboration.
Exchange Platinum will take advantage of the full power of Windows 2000 Active Directory™ services, enabling system administrators to create a single, unified enterprise directory. Exchange 5.5 provides a scalable architecture for enterprises of all sizes, from the smallest networked office to the largest global corporation. Platinum will extend the scalability of Exchange to hosted services serving millions of users. To achieve this level of scalability, Exchange will feature multiple messaging databases, and allow services to be partitioned across multiple servers. To increase the already high levels of reliability experienced by Exchange customers, Platinum will include new clustering options, including Active/Active clustering, and enable a single logical database to be split across multiple physical databases. Administration of Exchange will become easier through integration with the Microsoft Management Console in Windows 2000.
Exchange Server 5.5 and Microsoft Outlook provide native support for all major Internet messaging, security and collaboration standards, including SMTP, POP, IMAP, LDAP, S/MIME, X509v3, and iCalendar. Platinum will take integration with the Internet much further, providing richer and more integrated support for Internet data, while making access to Exchange information from the web simpler for everyone. In addition, the core routing engine of Platinum will leverage SMTP for increased routing performance and reliability.
Native format storage for Streaming and Internet Data: The concept of what constitutes an email message is changing dramatically. Today, an email message can be anything from a simple piece of text to a message with extremely large audio and video attachments. To meet this challenge, Platinum is being engineered to natively manipulate very large messages and attachments. New in Platinum is a separate high-performance database that is focused solely on storage and retrieval of “Super Long Value” (SLV) objects. This database will also let clients receive audio and video in a continuous stream, enabling faster response times for even the largest attachments. In addition, email clients will be able to store and retrieve MIME content directly from Platinum without any form of conversion, increasing overall performance.
Easier access to Exchange information via Web Browsers: Outlook Web Access (OWA), the browser-based client for Exchange Server, will be substantially upgraded in Platinum, in performance, scalability and functionality. By rendering HTML directly in Platinum's core process, and through the use of Extensible Markup Language (XML) and other Internet standards, Platinum will speed the performance of OWA on everyday messaging and group scheduling tasks. Platinum makes it easy to retrieve information using a web browser, as all data stored in Platinum can be accessed through a web browser with a user-friendly URL. For example, users can access their inbox using a URL such as “http://mail/server/username/inbox”, giving them easy access via a web browser, and can just as easily access individual messages, documents, or collaboration items. This will make Exchange public folders even more powerful repositories for shared information and application data.
Exchange Server 5.5 is a powerful collaboration platform, enabling a wide range of collaboration services, from group scheduling and team contact management, to enterprise-wide workflow and tracking applications. Microsoft Outlook, the premier client for Exchange Server, includes a complete application development environment for electronic forms, views and business logic. Platinum will expand the Exchange platform for collaboration in a number of important ways. First, Platinum will be a natural and easy-to-use database for storing and sharing Office 2000 documents. Next, Platinum will include an OLE/DB provider that will make it easy to create applications that leverage both Exchange and SQL Server. Finally, the Collaboration Data Objects (CDO) library will be significantly enhanced, and will support a new server event model, including synchronous events.
Enhanced integration with Office 2000: Platinum significantly increases the level of integration between Exchange and Office 2000. In Platinum, documents can be saved directly from Office 2000 applications into the Platinum database, and easily retrieved from Platinum directly into Office. This enables Office users to leverage the security, replication, accessibility and powerful workflow capabilities of Exchange as a store for Office documents. An important characteristic of Exchange is its ability to store custom properties on the items stored in its database. This feature takes on new importance as Office documents are stored in the server, enabling Office users to leverage the power of Outlook to view, sort and manage shared and personal documents with the same tools they currently use for their email, calendar and contacts.
OLE/DB Provider: OLE/DB is a programming interface that provides a common means of accessing BackOffice data, regardless of which server the data is stored in. Platinum includes full support for OLE/DB, giving designers unparalleled opportunities to create applications that utilize the data and services of Exchange Server, SQL Server, and the other components of BackOffice. OLE/DB generalizes row-set access, query specification and execution, and data hierarchy navigation, and benefits application designers by leveraging their experience with SQL tools such as queries, forms and reports and allowing combined SQL and Exchange data manipulation.
Collaboration Data Objects (CDO) 3.0: Platinum includes significant enhancements to the Collaboration Data Objects (CDO) data model. CDO is a powerful tool for specifying business logic for workflow and other collaborative applications, and for developing web-based applications. CDO 3.0 is built on OLE/DB and not only provides a higher level of access to the Exchange Server data, but also provides access to Internet standard protocol services such as LDAP queries and MIME message body parts. Using CDO 3.0, administrators and developers will be able to add capabilities to both the server and the Outlook client to suit their technology and business needs, for example, archiving messages, enforcing corporate policies, forwarding notifications to pagers and managing distribution list traffic. CDO 3.0 will also support S/MIME and X.509 v3 certificates, provide enhanced calendaring and contact management support, and be “dual-interfaced” for programming in C++, Visual Basic, Visual Basic Scripting Edition (VBScript), JavaScript, and Java.
Server Event Model: Platinum will include a comprehensive server event model, enabling designers to create many types of applications that were previously impossible. The event model adds support for synchronous events for processing objects as events occur to the existing support for asynchronous events. Sources for these events include Protocol services that enable processing of messages as they arrive from the Internet or across protocols for new levels of virus detection and policy adherence; Routing engine events for triggering workflow and custom routing logic; and Data store events that will enable customized archiving capabilities. These events allow an organization to enforce business rules and policies in an effective, consistent fashion, and allow partner companies to increase the level of integration of third-party products with Exchange.
Messaging is moving beyond sending text emails within an organization, and Exchange Platinum will provide a powerful, flexible platform for a wide range of new communication services, including T.120-based data conferencing and real-time collaboration. Platinum will support “instant messaging” and “presence information,” allowing users to detect the presence of others on the network and communicate in real time with them. In addition, Platinum will have enhanced services for unified messaging, allowing uniform access to email and voice mail from any client, including standard and wireless phones and a wide variety of other devices.
Data Conferencing: Exchange 5.5 introduced the first real-time collaboration component to Exchange Server, a fully featured Chat Server. Microsoft NetMeeting, the leading data conferencing client, is an integral part of Outlook 98 and Outlook 2000. Due to customer demand for further real-time collaboration, Platinum will include a T.120-based data conferencing server, enabling a complete client/server solution that links NetMeeting and Exchange. T.120 is an Internet standard that enables products such as Microsoft NetMeeting to provide real-time conferencing and document authoring. Platinum data conferencing will allow dynamic, on-demand sharing of data and information using clients such as NetMeeting, giving users the ability to see, chat and share multi-media information with one another.
Instant Messaging and Presence Information: Platinum will enable users to see presence information (e.g. whether a person is online, out of the office, or busy) for other users and then send ad-hoc, urgent communications where an immediate response is required. There are many examples of where this facility can be used, both inside an organization and on the Internet, for example, when a virtual team whose members are in different offices collaborate together on an urgent proposal without needing the overhead of composing and sending e-mail messages.
Unified Messaging and support for non-traditional client devices: Unified Messaging means that Platinum can store and deliver voice messages and other non-textual messages alongside normal messaging traffic. The Platinum messaging store supports voice mail and other streaming data, and traditional email and collaboration clients such as Outlook 98 will support access to voice mail in the inbox. In addition, both voice and text messages can be forwarded directly to pagers or retrieved over the telephone. Handheld devices running the Windows CE operating system can directly access Platinum for messaging and collaboration. In addition, Exchange Server now provides direct support for pagers and telephones through Unified Messaging.
The Team Productivity Update for BackOffice Server 4.5 extends Office 2000 and BackOffice Server to enable teams to get results faster through a central location for sharing team information. This update also integrates Workgroup Web, Team Folders and tracking applications into more centrally administrable team workspaces.
The team productivity update for BackOffice Server 4.5 provides a structured, user-customized team workspace that serves as a central location for all your team information. The team workspace allows teams to work together using line of business data, tracking applications, documents, issues, and discussions using Office 2000. Users can access team workspaces through familiar clients: Outlook 2000 or Microsoft Internet Explorer 5. This way, BackOffice Server helps teams get results faster through a central location for sharing team information.
User-created team workspaces. BackOffice Server 4.5 enables end user team leaders to run a simple wizard to request and customize team workspaces. These users can select the members and owners for the team workspace. Users can then select from a list of applications provided by IT or Solution Providers that fit the way their team does business.
Automatic generation of team workspace: The Team Workspace Wizard allows end users, with IT approval and control, to create and customize team workspaces whenever the need arises. Team workspaces can be customized with FrontPage 2000. The Wizard creates the team Web folders, new public folders and two sets of out-of-the-box applications: (1) a SQL-based issues tracking template and (2) Outlook 2000 Team Folder applications based on Exchange Server, such as a group calendar, shared contacts, and discussion.
Integration with Outlook 2000 and Internet Explorer 5.0: The team workspaces enabled by BackOffice Server 4.5 are integrated with the clients most familiar to team members: Outlook 2000 or Internet Explorer 5.0. This way, for instance, team members can use Outlook 2000 as the single integrated client for teamwork in addition to email and calendaring.
Issues tracking. A SQL-based issues tracking template is included and can be easily extended to enforce particular team or company business rules related to how issues are to be tracked, such as who can close certain issues and how members are notified of issues. The application is built in Access 2000 and can be customized with Microsoft Office Developer. Additionally, the application can be taken offline, including all the data and business rules.
Collaboration applications. The update contains several Outlook 2000 Team Folder applications, based on Exchange public folders. These applications are set up automatically so the user does not need to know anything about public folder security or administration. Teams can set up discussions, group calendars, shared contacts, and other collaboration applications on BackOffice Server or any Exchange Server on the corporate network.
A team document library based on the Office 2000 Server Extensions. This way, for example, team members can subscribe to certain documents and be notified of changes.
Site Server 3.0 introduced a publishing solution that enables content to be easily submitted, approved, and deployed. Site Server provides the Content Management and Content Deployment features that enable an efficient and effective four-step content publishing process:
Content author submits, edits, or deletes via a drag-and-drop Web interface. Site Server supports all file types and multiple files. Documents are tagged on submission and security can be applied through the use of Windows NT permissions. The key benefit is one-step publishing that is both easy to use and easy to learn.
Content author applies attributes, defined by the site editor, to the document via a Web-based form. Tags can be easily defined, such as default fields for author, owner, and status. The site administrator can define additional attributes and content types. The key benefit is an easy way to define and apply attributes.
Site editor amends attributes, as appropriate, and approves content. The site administrator can define approval settings for content types, filter, and delete documents. The editor can then view, edit, and apply document properties. The key benefit is an easy way for site editors to define, control and streamline the approval process.
Site administrator props content for review on a staging server and then deploys to destination Web servers securely, reliably, and quickly. Content deployment is high-performance and reliable and can be scheduled and rolled back. Content of various types can be deployed to single, multiple, or Unix servers. The key benefit is efficient content deployment.
By using Site Server's publishing features, an organization can streamline the process of publishing content to the Web. That way, content authors have an easy way to post information, site editors can check the content, and site administrators can deploy the content efficiently.
Microsoft Site Server 3.0 comes with a sample intranet-publishing site that provides corporations with a jump-start for managing content in sophisticated ways.
Organizations seeking to improve their decision-making ability can be overwhelmed by the sheer volume and complexity of data available from their varied operational and production systems. Making this data accessible is one of the most significant challenges for today's information technology professionals. In response to this, many organizations choose to build a data warehouse as an integrated store of information collected from other systems that becomes the foundation for decision support and data analysis.
The data warehousing process has traditionally been complex, costly and time-consuming. Over the past several years, Microsoft has been working within the software industry to create a data warehousing platform that consists of both component technology and leading products that can be used to lower the costs and improve the effectiveness of data warehouse creation, administration, and usage. Microsoft also has been developing a number of products and facilities, such as Microsoft SQL Server version 7.0, which are well suited to the data warehousing process. Coupled with third-party products that can be integrated using the Microsoft Data Warehousing Framework, customers have a large selection of interoperable, best-of-breed products from which to choose for their data warehousing needs.
SQL Server 7.0 will offer broad functionality in support of the data warehousing process. In conjunction with the Data Warehousing Framework, Microsoft plans to deliver a platform for data warehousing that helps reduce costs and complexity, and improves effectiveness of data warehousing efforts.
The goal of the Microsoft Data Warehousing Framework is to simplify the design, implementation, and management of data warehousing solutions. This framework has been designed to provide:
· Open architecture that is easily integrated with and extended by third-party vendors
· Heterogeneous data import, export, validation and cleansing service with optional data lineage
· Integrated metadata for design, data extraction/transformation, server management and end-user analysis tools
· Management services for scheduling, storage management, performance monitoring, alerts/events and notification
Building the data warehouse requires a set of components for describing the logical and physical design of the data sources and their destinations in the enterprise data warehouse or data mart.
The components of the Data Warehousing Framework are shown below:
Operational data is accessed by the transformation and cleansing services to populate one or more data marts. The information directory integrates the technical and business metadata, making it easy to find and launch existing queries, reports, and applications for the data warehouse. End-user tools, including desktop productivity products, specialized analysis products, and custom programs, are used to gain access to information in the data warehouse. A variety of components are used for the management of the data-warehousing environment, such as for scheduling repeated tasks and managing multiple server networks.
An integrated metadata repository is shared by the various components to enable the transparent integration of multiple products from a variety of vendors, without the need for specialized interfaces between each of the products.
One of the greatest implementation challenges is integrating all of the tools required to design, transform, store, and manage a data warehouse. The ability to share and reuse metadata reduces the cost and complexity of building, using, and managing data warehouses. Each tool must be able to access, create, or enhance the metadata created by any other tool easily, while also extending the metadata model to meet the specific needs of the tool.
The Microsoft Data Warehousing Framework makes use of shared metadata held in the Microsoft Repository, which is a component of Microsoft SQL Server 7.0. The Microsoft Repository is a database that stores descriptive information about software components and their relationships. It consists of an open information model (OIM) and a set of published interfaces.
OIMs are object models for specific types of information and are flexible enough to support new information types as well as extensible enough to fit the needs of specific users or vendors. Microsoft has developed OIMs in collaboration with the software industry for database schema, data transformations, and online analytical processing (OLAP).
The Meta Data Coalition, an industry consortium of 53 vendors dedicated to fostering a standard means for vendors to exchange metadata, has announced support for Microsoft Repository.
A data transformation is a sequence of procedural operations applied to information in a data source before it can be stored in a specified destination. Microsoft Data Transformation Services (DTS) supports many types of transformations, such as simple column mappings, calculation of new values from one or more source fields, decomposition of a single field into multiple destination columns, etc.
DTS allows the user to import, export, and transform data to and from multiple data sources using an OLE DB-based architecture. OLE DB data sources include not only database systems, but also desktop application file types such as Microsoft Excel. Microsoft provides native OLE DB interfaces for SQL Server and for Oracle. In addition, Microsoft has developed an OLE DB wrapper that works in conjunction with existing ODBC drivers to provide access to other relational sources. Delimited and fixed-field text files are also supported natively.
A DTS transformation opens a row set from the data source and pulls each row from the data source into the data pump. The data pump executes scripting functions that can be written in Visual Basic, JScript or PerlScript to copy, validate or otherwise transform the data. The new values for the destination are returned to the pump and sent to the destination by means of high-speed data transfers. Destinations can be OLE DB, ODBC, ASCII fixed field, ASCII delimited files, and HTML. This is shown below:
Data Transformation Services
DTS will record and document the lineage of each transformation in the repository so customers can know where their data came from. Data lineage can be tracked at both the table and row levels. This provides a complete audit trail for the information in the data warehouse. Data lineage is shared across vendor products. DTS packages and data lineage can be stored centrally in Microsoft Repository. This includes transformation definitions, Visual Basic scripting, Java scripting, and package execution history. Integration with Microsoft Repository allows third parties to build on the infrastructure provided by the DTS Transformation Engine. DTS packages can be scheduled for execution through an integrated calendar, and then executed interactively or in response to system events.
The Microsoft SQL Server OLAP Services is a fully featured OLAP capability that is a component of Microsoft SQL Server version 7.0. OLAP Services provides a middle-tier server that allows users to perform sophisticated analyses on large volumes of data with exceptional performance. OLAP Services also provides a client cache and calculation engine called Microsoft PivotTable Service, which helps improve performance and reduce network traffic. The PivotTable Service also allows users to conduct analyses while disconnected from the corporate network.
OLAP Services serves a wide array of enterprise business analysis solutions—from corporate reporting and analysis to data modeling and decision support. OLAP Services provides:
· Intelligent aggregations to provide significantly smaller databases for improved performance
· Flexible storage architecture supporting MOLAP, ROLAP and hybrid OLAP
· Numerous analysis functions to provide comprehensive data modelling and decision support
OLAP Services incorporates intelligent aggregation selection, automatically choosing a subset of all possible aggregations from which the remaining aggregations can be quickly calculated when they are needed. The Aggregation Design wizard provides additional flexibility by allowing the cube designer to specify the trade-off between disk storage requirements and the amount of pre-calculated aggregation.
Cubes can be partitioned to spread data across several servers. Data is seamlessly presented to the user as if it were stored in one place. This feature enables the cube designer to make the most effective and efficient use of existing data storage facilities.
The data model provides a great deal of flexibility. OLAP Services supports full Multidimensional OLAP, Relational OLAP, and Hybrid OLAP implementations, offering the OLAP database designer the opportunity to choose the model most appropriate to the needs of the organization. The underlying data model or data models chosen by the cube designer are invisible to the client application and its user.
This OLAP Services architecture is shown below:
OLAP Services Architecture
On the server, the Analysis Server provides the core computational functionality. Programmatic access to administrative functions in the Analysis server is through an object model called Decision Support Objects (DSO), which is documented by Microsoft. The OLAP Manager is the built-in administrative user interface for OLAP Services and it allows the administrator to design OLAP data models, access information in RDBMS stores, design aggregations and populate OLAP data stores.
OLAP Services can access either a Relational OLAP store or a Multi-dimensional OLAP store. If a ROLAP store is being used, the Object Model provides the transformations to present the relational data to the Analysis Server. Any supported OLE DB data provider can be a ROLAP provider. This includes SQL Server and a large number of desktop and server databases, including Microsoft Access, Oracle, Sybase, and Informix. Any database source that provides an Open Database Connectivity (ODBC) interface is accessible, because OLE DB can wrap ODBC drivers and expose them as native OLE DB interfaces.
On the client side, OLAP Services includes a component called Microsoft PivotTable Service. PivotTable Service is the facility that connects OLAP client applications to the OLAP Services server. All access to data managed by OLAP Services, by custom programs or client tools, is through the OLE DB for OLAP interface provided by PivotTable Service.
OLAP Services is unusual in that it provides much of the same functionality on the client as on the server. Every client connects to OLAP Services servers through the PivotTable Service, which acts as a driver to manage the connection between the client and server. PivotTable Service shares much of the same code as the OLAP Services server, bringing the server's multidimensional calculation engine, caching features, and query management directly to the client.
This results in an innovative client/server data-management model that optimizes performance and minimizes network traffic. This comes at a very small computing cost: the disk space required for PivotTable Service is approximately 2 MB, and the memory requirements are only 500K in addition to the cached data.
The PivotTable Service also provides the mechanism for disconnected usage. Portions of cubes defined and accessed from a server can be saved on the client for later access when disconnected from the network. In this way, business users can take portions of their database while travelling and still have complete analysis capabilities. In addition, PivotTable Service allows users to create simple OLAP models locally, accessing information in OLE DB compatible data sources, from flat files to desktop databases.
Finally, PivotTable Service provides the connectivity for Web-based applications. While OLE DB for OLAP is a low-level programming interface, a new extension to ActiveX® Data Objects (ADO) provides multidimensional data access. This extension, called ADO/MD, can be used to create ActiveX controls in Microsoft Visual Basic to browse, chart, or report on data in OLAP Services from a Web page. ADO/MD is the corporate application programmer's tool for gaining access to the full functionality of OLAP Services.
The Microsoft Exchange Server Routing Objects and Routing Engine provide an extensible method for building simple routing solutions.
From a high-level or architectural viewpoint the Exchange Server routing solution is a hub-and-spoke architecture. An Exchange Public Folder (or a mailbox) acts as the hub, and the flow of messages to and from each participant in the route appears as the spokes. Figure 1 shows the logical view of a simple route on the left. The diagram on the right shows the actual movement of messages.
Figure 1. Logical view of route compared to the actual movement of the messages
From an implementation perspective the Exchange Server routing solution could be conceived of as a stateful scripting agent. There are four components:
· A routing engine, which manages the state and state transitions of the route.
· A routing map, or state diagram, which describes the process logic to be used in the route.
· A set of objects to assist in manipulation of the map and other items.
· Some scripts, which describe the set of functions that will be used in execution of the route.
The Routing Engine has been implemented as a custom agent that runs under the control of the Exchange Event Service. It is configured on a per-folder basis and responds to all the events generated by the Event Service on that folder.
Additional features of the Exchange Server routing service:
Security: Scripts used in the Event Service run at a very high privilege, and consequently only a very few people in an organization are authorized to write these scripts and establish Event-Service bindings. The Exchange Server routing solution enables an administrator to establish the bindings and a library of script functions on a particular folder just once. From this point on, any user with folder owner permissions is able to define routes of arbitrary complexity.
Roles: A mechanism has been implemented that enables roles to be used as addresses rather than actual e-mail addresses. Roles in this context include manager, receptionist, and expense report approver. The Exchange Server 5.5 Service Pack 1 CD includes a Web-based tool to assist in the administration of these roles. The Exchange Server Routing Objects can use these roles to determine an address relative to a given participant. Since this is driven through scripts, any number of indirections may be used.
Logging: The Routing Log object can be used both at the client and at the server. Using the Consolidate method, the logs from both sources can be combined to form a detailed audit of every action that occurred in the route.
Embedded Messages: The Routing Work Item provides a method for a scriptwriter to embed a message in a message. The routes created by the Routing Wizard use this functionality to ensure that any form dropped into a routing enabled folder can be opened and used without modification by the client. The approval and rejection is handled by the wrapper message.
Voting: The Routing Objects provide methods to enable the Outlook voting buttons to be both set and interpreted from server-side script. This enables the full power of this functionality to be widely used.
The Foundation for the Digital Nervous System
Microsoft Windows 2000 provides a scaleable set of services that manage all the core elements of any Digital Nervous System solution. The Active Directory provides a centralized, standards-based directory for managing the information about the skills and competencies of employees.
A directory service is one of the most important components of an extended computer system. Users and administrators frequently do not know the exact name of the objects they are interested in. They may know one or more attributes of the objects and can query the directory to get a list of objects that match the attributes. For example, “Find all color printers in Building Q109.” A directory service allows a user to find any object given one of its attributes.
A directory service can:
· Enforce security defined by administrators to keep information safe from unauthorized access.
· Distribute a directory across many computers in a network.
· Replicate a directory to make it available to more users and resistant to failure.
· Partition a directory into multiple stores to allow the storage of a very large number of objects.
Active Directory is the directory service in Windows® 2000. It extends the features of previous Windows-based directory services and adds entirely new features. Active Directory is designed to work well in any size installation, from a single server with a few hundred objects to thousands of servers and millions of objects. Many new directory service features are provided that make it easy to navigate and manage large amounts of information, saving time for both administrators and end users.
In tests performed at Compaq's European Benchmark Centre in Sophia-Antipolis, France, Compaq demonstrated 16 million user objects loaded into a production configuration of Active Directory on 4-CPU AlphaServer 4100 machines with 2 GB of memory. The object database occupied 68.8 GB and grew in a linear fashion during the load, and response time to clients was maintained throughout, showing that significant additional capacity remained.
A performance and scalability test modeled a large, geographically diverse company with a headquarters location and 100 smaller regional sites. The headquarters were connected with high-speed networks, and the regional sites were linked to the headquarters location by a variety of WAN technologies. The headquarters location contained a replica of Active Directory on each of 20 servers, and a replica of Active Directory was on a server machine in each of the 100 regional sites. All replicas contained a complete view of the company's data and supported full query and update operations. In this configuration, Active Directory showed the ability to sustain over 300,000 individual changes per day—where adding a user account or changing a password produces one change—providing enough replication capacity to support even large enterprises and Internet service providers.
In addition to handling the traditional administrative tasks of the directory services, the Active Directory will satisfy a variety of naming, querying, administrative, registration and resolution needs.
The following diagram summarizes the overall function of Active Directory in the system.
Functional usage of the Active Directory
The Active Directory data model is derived from the X.500 data model. The directory holds objects that represent things of various sorts, described by attributes. The universe of objects that can be stored in the directory is defined in the schema. For each object class, the schema defines what attributes an instance of the class must have, what additional attributes it may have, and what object class can be a parent of the current object class.
The Active Directory schema is implemented as a set of object class instances stored in the directory. This is very different from many directories that have a schema, but store it as a text file to be read at start-up. Storing the schema in the directory has many advantages. For example, user applications can read the schema to discover what objects and properties are available.
The Active Directory schema can be updated dynamically. That is, an application can extend the schema with new attributes and classes, and can use the extensions immediately. Schema updates are accomplished by creating or modifying the schema objects stored in the directory. Like every object in the Active Directory Services, access control lists (ACLs) protect schema objects, so only authorized users may alter the schema.
Active Directory allows a single point of administration for all published resources, which can include files, peripheral devices, host connections, databases, Web access, users and other arbitrary objects and services. It uses the Internet Domain Name Service (DNS) as its locator service and organizes objects in domains into a hierarchy of organizational units.
Active Directory integrates the Internet namespace with the operating system's directory services, thus allowing enterprises to unify and manage the multiple namespaces that now exist in the heterogeneous software and hardware environments of corporate networks. It uses the Lightweight Directory Access Protocol (LDAP) as its core protocol and can work across operating system boundaries, integrating multiple namespaces. It can subsume and manage application-specific directories, as well as other network operating system directories, to provide a general-purpose directory that can reduce the administrative burden and the associated costs of maintaining multiple namespaces.
The Microsoft Exchange directory structure and storage engine provide the foundation for Active Directory Services. The Microsoft Exchange storage engine provides multiple indexes for fast retrieval and an efficient mechanism for storing "sparse" objects, that is, objects that support many different properties but do not always have values for all of them. From this foundation, Microsoft has developed a general-purpose directory service that scales from a small installation with a few hundred objects to a very large installation with millions of objects.
The Active Directory supports multiple stores and can hold more than one million objects per store, thus offering unparalleled scalability while maintaining a simple hierarchical structure and ease of administration. When combined with the Microsoft Distributed File System (scheduled for release with Windows 2000), Active Directory Services will bring networks even closer to the goal of a single global namespace.
Active Directory is specifically designed to subsume and manage other directories, regardless of their location or their underlying operating systems. To accomplish this, Active Directory provides extensive support for existing standards and protocols, including standard name formats, and provides APIs that facilitate communication with these other directories.
Active Directory uses the DNS as its location service, and can exchange information with any application or directory that uses LDAP.
DNS is the most widely used directory service in the world. DNS is the locator service used on the Internet and in most private Intranets. A locator service is used to translate a name—for example, MyMachine.Myco.Com—into a TCP/IP address. DNS is designed to scale to very large systems (it supports the entire Internet), while remaining "lightweight" enough for use in a system with just a few computers.
Active Directory also uses DNS as its locator service and the same simple naming model used on the Internet is used in the Active Directory. Myco.Com can be both a DNS domain and a Windows 2000 domain. jbrown@Myco.Com is both an Internet e-mail address and a user name in the Myco.Com domain. Windows NT domains can be located on the Internet and Intranet the same way any resource is located on the Internet—by means of DNS.
Active Directory further embraces Internet standards by directly supporting the Lightweight Directory Access Protocol (LDAP). LDAP is an Internet Proposed Standard (RFC2251) for accessing directory services and was developed as a simpler alternative to the X.500 Directory Access Protocol. Microsoft is an active participant in the advancement of LDAP standards and provides support for both LDAP version 2 and version 3 in the Active Directory.
The Windows 2000 Distributed Security Services provides flexible solutions for building secure, scaleable distributed applications. Security administration and management provide richer features for delegation and fine-grain account control. Active Directory supports domains with a much higher number of accounts in a structured naming environment of organizational units. Interdomain trust management is simpler, providing greater flexibility to use domains in ways that reflect the needs of the Enterprise.
Windows 2000 security APIs for network authentication, data privacy, digital signatures, and encryption support secure application development for the Enterprise and the Internet. The SSPI and CryptoAPI interfaces make all the integrated security features of Windows 2000 available for applications to use. The robust security architecture of Windows 2000 is used consistently across all system components and is extended to support strong authentication and public-key security.
The Windows 2000 security model has changed in order to support the Internet-based Enterprise. Some of the changes reflect advances in supporting large organizations with the Active Directory Services. Other changes take advantage of the flexibility of the Windows NT-based security architecture to integrate authentication using Internet public-key certificates.
The Active Directory provides the store for all domain security policy and account information. It therefore provides replication and availability of account information to multiple Domain Controllers, and is available for remote administration.
The Active Directory supports a hierarchical name space for user, group, and machine account information and Organizational Units can be used to group accounts. Administrator rights to create and manage user or group accounts can be delegated to the level of Organizational Units. Access rights can be granted to individual properties on user objects to allow, for example, a specific individual or group to have the right to reset passwords, but not to modify other account information.
For example, DERA's sectors might be used as the basis for creating Organizational Units in the Active Directory. Administration for each sector's users and resources could then be devolved to the sector to which they belong, providing autonomous administration within a centrally controlled environment.
Windows 2000 supports multiple network security protocols because each provides compatibility for existing clients, stronger and more effective security mechanisms, or interoperability features for heterogeneous networks such as the Internet. As so many authentication protocols are in use today, the Windows 2000 architecture does not limit which protocols can be supported.
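A simplified model of the Organizational Unit delegation described above, added here as an example and not Active Directory's own code or API: allow entries set on a container are inherited by the objects below it, so a help-desk group can reset passwords in its own sector without being able to change other account information or reach another sector. All group, OU and user names are constructed, and deny entries are left out.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

ALL = "*"  # wildcard: every property / every object kind


@dataclass(frozen=True)
class Ace:
    """One allow entry (this simplified model has no deny entries)."""
    trustee: str            # group the right is granted to
    right: str              # "reset-password", "write-property" or "create-child"
    prop: str = ALL         # property covered by write-property, or ALL
    applies_to: str = ALL   # object kind the entry targets: "user", "ou" or ALL
    inherit: bool = True    # True: also applies to objects below the container


@dataclass
class Entry:
    rdn: str
    kind: str                           # "domain", "ou" or "user"
    parent: Optional["Entry"] = None
    acl: List[Ace] = field(default_factory=list)

    def dn(self) -> str:
        parts, node = [], self
        while node is not None:
            parts.append(node.rdn)
            node = node.parent
        return ",".join(parts)


def allowed(groups: Set[str], target: Entry, right: str, prop: str = ALL) -> bool:
    """Walk from the target up to the domain root looking for a matching allow entry."""
    node = target
    while node is not None:
        for ace in node.acl:
            if ace.trustee not in groups or ace.right != right:
                continue
            if node is not target and not ace.inherit:
                continue                      # entry is local to the container
            if ace.applies_to not in (ALL, target.kind):
                continue                      # entry targets another object kind
            if right == "write-property" and ace.prop not in (ALL, prop):
                continue                      # entry covers a different property
            return True
        node = node.parent
    return False


def who_can(target: Entry, right: str, prop: str = ALL) -> Set[str]:
    """Review helper: every group that effectively holds `right` on `target`."""
    trustees, node = set(), target
    while node is not None:
        trustees.update(ace.trustee for ace in node.acl)
        node = node.parent
    return {g for g in trustees if allowed({g}, target, right, prop)}


def build_directory() -> Dict[str, Entry]:
    """Constructed sample tree; every name below is made up for the example."""
    root = Entry("DC=Myco,DC=Com", "domain")
    root.acl += [Ace("Domain Admins", r)
                 for r in ("reset-password", "write-property", "create-child")]
    sector_a = Entry("OU=Sector A", "ou", root)
    sector_b = Entry("OU=Sector B", "ou", root)
    sector_a.acl += [
        Ace("Sector A Admins", "create-child"),
        Ace("Sector A Admins", "write-property", applies_to="user"),
        # Help desk: password resets on users only, nothing else.
        Ace("Sector A Help Desk", "reset-password", applies_to="user"),
    ]
    alice = Entry("CN=Alice Example", "user", sector_a)
    bob = Entry("CN=Bob Example", "user", sector_b)
    return {"root": root, "sector_a": sector_a, "sector_b": sector_b,
            "alice": alice, "bob": bob}


if __name__ == "__main__":
    d = build_directory()
    for right in ("reset-password", "write-property", "create-child"):
        print(d["alice"].dn(), right, sorted(who_can(d["alice"], right)))
```

Running `who_can` over each object and right gives a reviewable list of effective delegations, which is the check to repeat whenever a container's entries change.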
Using general-purpose security APIs, applications can be isolated from the details of the different security protocols. Higher-level application interfaces provided by Authenticated RPC and DCOM provide abstractions to use security services based on interface parameters.
The Windows 2000 security infrastructure supports the following primary security protocols.
Windows NT LAN Manager
Windows NT 4.0 and previous versions of Windows NT use this authentication protocol. This will continue to be supported and used for pass-through network authentication, remote file access, and authenticated RPC connections to earlier versions of Windows NT.
Kerberos Version 5
This authentication protocol is the primary security protocol for access to resources within or across Windows 2000 domains. The Kerberos authentication protocol is a mature industry standard that has advantages for Windows 2000 network authentication. Some of the benefits of Kerberos protocol are mutual authentication of both client and server, reduced server load during connection establishment, and support for delegation of authorization from clients to servers by using proxy mechanisms.
Distributed Password Authentication
This is the shared secret authentication protocol used by some of the largest Internet membership organizations, such as MSN™ Internet Service and CompuServe. This authentication protocol is specifically designed for users to use the same Internet membership password to connect to any number of Internet sites that are part of the same membership organization.
These protocols provide privacy and reliability over the Internet. Secure Sockets Layer (SSL) is the current “de facto” standard for connections between Internet browsers and Internet information servers. (A forthcoming IETF standard protocol definition based on SSL3 is currently known as the Transport Layer Security Protocol, or TLS.) These protocols, which use public-key certificates to authenticate clients and servers, depend on a public-key infrastructure for widespread use. Windows NT 4.0 provides secure channel security services that implement the SSL/PCT protocols. The next generation of Windows security has more enhanced feature support for public-key protocols, which are described later.
Primary Security Protocols of Windows 2000
The Windows 2000 operating system simplifies deployment and management of network security with Windows® IP Security, a robust implementation of the IP Security Protocol (IPSec).
The need for Internet Protocol (IP)-based network security is already great and growing. In today's massively interconnected business world of the Internet, intranets, branch offices, and remote access, sensitive information constantly crosses the networks. The challenge for network administrators and other IS professionals is to ensure that this traffic is:
· Safe from data modification while en route.
· Safe from interception, viewing or copying.
· Safe from being accessed by unauthenticated parties.
These issues are known as data integrity, confidentiality, and authentication. In addition, replay protection prevents acceptance of a resent packet.
Designed by the Internet Engineering Task Force (IETF) for the Internet Protocol, IPSec supports network-level authentication, data integrity and encryption. IPSec integrates with the inherent security of the Windows 2000 Server operating system to provide the ideal platform for safeguarding intranet and Internet communications.
Microsoft Windows IP Security uses industry-standard encryption algorithms and a comprehensive security management approach to provide security for all TCP/IP communications on both sides of an organization's firewall. The result is a Windows 2000 Server, end-to-end security strategy that defends against both external and internal attacks.
And because Windows IP Security is deployed below the transport level, network managers (and software vendors) are spared the hassle and expense of trying to deploy and co-ordinate security one application at a time. By simply deploying Windows 2000 Server, network managers provide a strong layer of protection for the entire network, with applications automatically inheriting the safeguards of Windows 2000 Security. The encryption support of Windows IP Security extends to Virtual Private Networks (VPNs) as well.
Network administrators and managers benefit from integration of IPSec with Windows 2000 Server for a number of reasons, including:
Open Industry Standard — IPSec provides an open industry-standard alternative to proprietary IP encryption technologies. Network managers benefit from the resulting interoperability.
Transparent — IPSec exists below the transport layer, making it transparent to applications and users, meaning there is no need to change network applications on a user's desktop when IPSec is implemented in the firewall or router.
Authentication — Strong authentication services prevent the interception of data by using falsely claimed identities.
Confidentiality — Confidentiality services prevent unauthorized access to sensitive data as it passes between communicating parties.
Data Integrity — IP Authentication Headers and variations of Hash Message Authentication Code ensure data integrity during communications.
Dynamic Re-keying — Dynamic re-keying during ongoing communications helps protect against attacks.
Secure Links End-to-End — Windows IP Security provides secure links end-to-end for private network users within the same domain or across any trusted domain in the enterprise.
Centralized Management — Network administrators use security policies and filters to provide appropriate levels of security based on user, work group, or other criteria. Centralized management reduces administrative overhead costs.
Flexibility — The flexibility of Windows IP Security allows policies to apply enterprise-wide, or to a single workstation.
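The data-integrity, authentication and replay-protection properties described above can be seen in a small receiver model. This is an added sketch, not Windows IP Security's implementation: the packet layout, the truncated HMAC-SHA-256 check value, the 64-packet window and the key are assumptions chosen for illustration, and confidentiality (encryption) is not modelled.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # bytes of HMAC-SHA-256 kept as the integrity check value (assumed)
WINDOW = 64    # anti-replay window, in sequence numbers (assumed)


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender: header (SA identifier, sequence number) + payload + check value."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class Receiver:
    """Receiving end of one security association (hypothetical model)."""

    def __init__(self, key: bytes, spi: int):
        self.key = key
        self.spi = spi
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was accepted

    def _replay_state(self, seq: int) -> str:
        if seq == 0:
            return "invalid"
        if seq > self.highest:
            return "new"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "too-old"
        return "replay" if (self.bitmap >> offset) & 1 else "in-window"

    def accept(self, packet: bytes):
        """Return (verdict, payload); payload is None unless the verdict is 'ok'."""
        if len(packet) < 8 + ICV_LEN:
            return "malformed", None
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return "unknown-sa", None
        state = self._replay_state(seq)
        if state in ("invalid", "too-old", "replay"):
            return state, None
        signed, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, signed, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):   # constant-time comparison
            return "bad-icv", None
        # The window moves only after the check value verifies, so a forged
        # packet cannot push genuine sequence numbers out of the window.
        if state == "new":
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok", signed[8:]


def demo():
    """Constructed traffic: in-order, late, resent, modified and forged packets."""
    key = b"constructed-demo-key-not-a-real-secret"
    rx = Receiver(key, spi=0x1001)
    p1 = protect(key, 0x1001, 1, b"transfer 10")
    p2 = protect(key, 0x1001, 2, b"transfer 20")
    p3 = protect(key, 0x1001, 3, b"transfer 30")
    p4 = protect(key, 0x1001, 4, b"transfer 40")
    modified = bytearray(p4)
    modified[10] ^= 0x01                      # one payload bit changed en route
    forged = protect(b"some other key", 0x1001, 5, b"transfer 99")
    order = [p1, p3, p2, p1, bytes(modified), forged, p4]
    return [rx.accept(p)[0] for p in order]


if __name__ == "__main__":
    print(demo())
```

The modified copy of packet 4 is rejected without consuming its sequence number, so the genuine packet 4 is still accepted afterwards.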
The Microsoft Management Console (MMC) is an extensible, common console framework for management applications that has already been released for use with Windows NT 4.0 and will also be used in Windows 2000.
MMC itself does not supply any management behavior, but instead provides a common environment for “Snap-Ins”, which both Microsoft and independent software vendors (ISVs) will write, that define the actual management behavior.
A system administrator can create tools from various Snap-Ins, and then save these tools for later use or for sharing with other administrators. This approach allows the administrator to efficiently create custom tools with different levels of complexity for task delegation and task co-ordination. For example, an administrator can combine simple tasks into one tool, and then give that tool to a subordinate or trainee. The same administrator can also design different tools for daily, weekly, and monthly administrative tasks.
An example MMC screenshot is provided below. This has three snap-ins: the Event Logs, File Service Management and Services.
Screenshot: Microsoft Management Console
Group Policies define user and computer settings for groups of users and computers. A specific desktop configuration is created for a particular group of users and computers with the Group Policy Editor MMC snap-in. The Group Policy settings you create are contained in a Group Policy Object that is in turn associated with selected Active Directory objects such as sites, domains or organizational units.
Recent studies on total cost of ownership (TCO), the costs involved in administering distributed personal computer networks, cite lost productivity at the desktop as one of the major costs for corporations. Lost productivity is frequently attributed to user errors such as modifying system configuration files and rendering the computer unworkable, or to complexity such as the availability of non-essential applications and features on the desktop.
One way to address TCO is for administrators to use Group Policies to create managed desktop environments tailored to users' job responsibilities and level of experience with computers. In Windows 2000, administrators can manage desktops centrally using the Active Directory service and its Group Policy support.
With the Group Policy editor, the following settings can be specified.
· Software Policies to mandate registry settings on the desktop, including operating system components and applications
· Script Invocation such as computer start-up and shutdown, and logon and log off
· Software Management such as the applications available to users
· User Document Settings for file deployment and redirecting special folders
· Security Settings such as local computer, domain, and network security settings
Using Group Policy, the state of users' work environments can be defined once and the system can be relied on to enforce the defined policies.
The Security Configuration Editor is an MMC snap-in designed to provide a central repository for security-related administrative tasks. This can be used to configure and analyze security on one or more Windows NT-based computers.
To provide comprehensive security administration and information, the Security Configuration Editor can configure and analyze all of the following:
System Security Policy
You can use the tool to set access policy, including how and when users can log on to the system, password policy, overall system object security, audit settings, domain policy, and so forth.
You can assign group memberships, privileges, user rights, and so forth.
You can configure the different services installed on a system, including network transport services such as TCP/IP, NetBIOS, CIFS File Sharing, Printing, and so forth.
You can use the Editor to set the security values in the system registry.
You can use the Editor to set the security for local system file volumes and directory trees.
You can use the Editor to manage the security on objects residing in the Active Directory.
The Security Configuration Editor
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
© 1999 Microsoft Corporation. All rights reserved.