Secure Microsoft Enterprise Services white Paper
Release Date: September 2000 version 1.0
Summary
This white paper is one of a series of articles on the Microsoft© Enterprise Services (ES) framework. For a complete list of this series of publications, visit the ES Web site: http://www.microsoft.com/enterpriseservices/.
This white paper describes the functionality and critical issues of security management in an application service provider (ASP) environment. Anyone who reads this paper should first read the Microsoft Operations Framework Executive Overview White paper, which contains important background information about the topic.
Introduction
Summary
This paper discusses examples of the best practices for ASP security management. It focuses on common problems faced by Application service providers (ASPs). It contains information about microsoft®windows®2000, Microsoft Internet Information Server 5.0, Microsoft Exchange Server, and Microsoft SQL server™7.0 information, but the methods discussed are not limited to these products.
Security management focuses on the security of information or processing. For information technology, information is the core of its existence. Any threat or information processing will directly endanger the performance of the ASP. Whether or not those threats involve confidentiality, integrity or timeliness of information, availability of processing functionality, or confidentiality, security must take into account those threats that pose a risk.
Reader Object
This white paper is for two types of readers. The goal is to provide effective help for security administrators and technicians. The beginning of this white paper defines security management in a non technical way. The other part is very technical, specifically for the ASP's developers and technicians. Although this white paper is intended for two different audiences, the entire document is valuable to both sides.
Microsoft Operational framework and Enterprise Services
The Microsoft Operations Framework (MOF) is a collection of best practices, principles, and schemas. It provides comprehensive technical guidance for achieving the reliability, availability, support, and manageability of mission-critical product systems in Microsoft products and technologies.
MOF is one of the three frameworks that make up an enterprise service framework. Each ES framework is geared towards a different and essential phase in the information Technology (IT) lifecycle. Each framework provides useful and detailed information about the people, processes, and technologies needed for successful implementation in their respective areas. The other two ES frameworks are the Microsoft Readiness Framework (MRF) and Microsoft Solution Framework (MSF). The following figure describes how each framework is used for enterprise services.
Enterprise Services Framework
The Microsoft Readiness Framework assists IT organizations in their personal and collective readiness to use Microsoft products and technologies. The guide includes assessment and preparation of work plan tools, learning Guide charts, white papers related to preparation, self-paced training, courses, certification exams, and preparation work events.
The Microsoft Solution Framework provides guidance for the planning, creation, and deployment phases of the project lifecycle. The Guide covers Enterprise architecture, application development, component design, and infrastructure deployment in the form of white papers, deployment guides, accelerated solutions, solution kits, case studies, and courseware.
The Microsoft operations Framework includes a comprehensive set of operational guidelines in the form of white papers, operations guides, assessment tools, operational kits, best practices, case studies, and support tools for people, processes, and technical arrangements for effective management systems in today's complex, distributed IT environments.
Microsoft Operational Framework Overview
Providing high levels of availability and reliability for the enterprise to consumer Web sites requires not only good technology, but also complete operational processes. Based on industry experience and best practices, Microsoft has created the knowledge base needed to build and run these processes. This document is part of the knowledge base encapsulated in MOF. The framework is based on two important concepts: service solutions and IT service management.