Customer Solution Case Study
Developer Turns to 64-bit Platform to Handle Remote User Policy Management
Overview
Country or Region: United States
Industry: High Technology
Customer Profile
FullArmor, based in Boston, is a Microsoft® Certified Gold Partner that provides Group Policy management software.
Business Situation
A hospital approached FullArmor to implement security and configuration controls over a small number of PCs, but wanted to minimize the cost and overhead involved in any solution.
Solution
FullArmor developed a solution called PolicyPortal, which uses the power of Microsoft Windows Server™ 2003 R2 x64 Enterprise Edition to host Active Directory® services Group Policies remotely for the hospital.
Benefits
Enhanced performance and scalability
Efficient management of user policies
Easy migration to 64-bit platform
“The 64-bit version of Windows Server delivers superb performance capabilities and helped make PolicyPortal possible.”
Danny Kim, Chief Technology Officer, FullArmor
A New York hospital had a request for solutions to manage donated Microsoft® Windows® PCs for a children’s learning lab. The challenge: to provide an effective way to safeguard and secure PCs at minimal cost by automating administrative policy. In response, FullArmor adopted Microsoft Windows Server® 2003 R2 x64 Enterprise Edition to create PolicyPortal, an application that enables remotely hosted Active Directory® services for PCs. FullArmor took advantage of the high performance capabilities of the Windows x64-bit platform to enable many people to log in and to manage user profiles for remote computers. The Microsoft products—including Windows Server 2003 R2 x64 running Internet Information Services version 6.0, ASP.NET version 2.0, and SQL Server™ 2005—make possible the remote management of thousands or even tens of thousands of PCs.
Situation
Small businesses and nonprofit agencies that own and operate multiple PCs often lack the resources to fully administer and secure the computers. This was the situation facing a children’s hospital in New York State that wanted to use donated, Internet-ready PCs for several media rooms for patients and their parents. The hospital felt that providing the PCs was a valuable service, but it lacked the resources to secure the computers properly against unauthorized configuration changes and ensure that children could not access Web sites containing inappropriate content.
In early 2005 the hospital approached FullArmor for assistance. Headquartered in Boston, the company is a Microsoft® Gold Certified Partner that provides enterprise policy management solutions.
“We faced two constraints in reviewing the project—scalability and the ability to dynamically update remote PCs with the system-user policies established by the hospital,” says Danny Kim, FullArmor Chief Technology Officer.
First, lacking an administrative server in each local media room to provide the Active Directory® service, the solution would require a central host so administrators could use all of the security and lockdown features of Active Services Group Policy.
Second, the solution would need the capability of providing remote, dynamic updates of those policies that could be delivered as Group Policy objects using Web services sent over the Internet.
“We considered building a new product using 32-bit systems and applications,” Kim says, “but the cost and effort involved in deploying multiple servers to manage the scale of this solution was not feasible.”
Solution
To meet the challenge, FullArmor turned its development efforts to the x64 Microsoft Windows Server System™ integrated server software suite. Using the performance and scalability enhancements of the 64-bit operating system, FullArmor created PolicyPortal, a solution using Web services to automatically enforce Active Directory Group Policy settings on PCs that are temporarily or permanently disconnected from the directory. A lightweight software agent on the endpoint PC connects transparently to PolicyPortal at predefined intervals to check for policy updates and restore configuration compliance as needed.
PolicyPortal helps organizations such as the children’s hospital maintain secure configurations on their donated Windows® operating system–based PCs. PolicyPortal can also be used to extend directory-based policy management over the Internet to other devices, such as notebook PCs, home-based PCs, kiosks, and ATMs.
Kim says PolicyPortal acts like a “virtual Active Directory server,” supporting the requirements of enterprises like the hospital to enforce specific policies on disconnected machines without incurring the costs and other overhead associated with managing Active Directory servers.
FullArmor hosts the solution for the hospital, using input from hospital managers to establish Group Policy settings for the hospital’s media room PCs.
FullArmor’s development group did its initial development of PolicyPortal on the x86-based Windows operating system and used Microsoft Visual Studio® 2000, SQL Server™ 2000, Internet Information Services version 6.0, and ASP.NET with the Visual C#® development tool to prototype the application. Midway through the project, the developers migrated the code to the 64-bit environment running on Intel EM64T hardware and the Microsoft Windows Server® 2003 R2 x64 Enterprise Edition operating system. The Visual Studio 2005 development system was used for development work, and SQL Server 2005 was used for storing and creating reports on the Group Policy objects. SQL Server is also part of the Windows Server System integrated software platform.
Benefits
Kim says the 64-bit edition of Windows Server delivered the performance and scalability needed so that FullArmor could fulfill its business model of delivering hosted Active Directory services over the Internet. FullArmor easily implemented the hospital’s Group Policy criteria—for example, limiting access to certain Web sites and removing all administrative functions such as the Control Panel from the user interface—and then seamlessly delivered the policies to the media room PCs over the Internet. And Kim says the migration to the 64-bit Windows platform was simple to make, with very few code changes required on the part of his company’s development team.
Enhanced Performance and Scalability
For PolicyPortal to be successful, Kim says FullArmor needed a highly scalable platform that could remotely handle many PCs without strain. This capability is provided by the 64-bit computing power of Windows Server 2003 R2 x64. It includes support for vastly greater physical memory and virtual memory space, which enables scenarios not possible using 32-bit computing platforms. The 64-bit operating system also provides improvements in memory management, expanded registers, and I/O subsystems, which provide substantial performance gains.
“Our goal for PolicyPortal is to license it out to organizations such as Internet Service Providers and hosting providers who can offer remotely based Active Directory services for thousands or tens of thousands of users,” says Kim. “With PolicyPortal, administrators who log in are running their own instance of Active Directory and modifying their own group policies. That requires a lot of memory, which in turn mandates bigger and better use of server hardware. The 64-bit version of Windows Server delivers superb performance capabilities and helped make PolicyPortal possible.”
Efficient Management of User Policies
“With the power and scalability of the 64-bit Windows Server System platform,” Kim says, “it is now possible to use a remote hosting model to expand Active Directory services to individuals and organizations that did not have access to it in the past, such as small businesses, branch offices, or companies with minimal administration infrastructure.”
At the same time, the solution’s ease of use and the effectiveness of the 64-bit Windows Server System in managing high-performance scenarios minimize the effort that customers need to put into implementing Active Directory services.
“It was simply overkill in terms of cost and administrative complexity for the hospital to put a server in one of its media rooms to manage user profiles on five or six PCs,” says Kim.
“This is an elegant, efficient way to provide Internet access without having to put much effort into managing and monitoring the PCs. When we first deployed the solution, users did not even notice that the machines were receiving user policies. That's how seamlessly and effectively it worked.”
Easy Migration to 64-bit Platform
Kim says that the development group initially worked on the 32-bit Windows platform to ensure that any glitches in the application could be quickly identified and would not be confused with the code in the 64-bit Windows Server operating system, which was still in beta testing at the time. Any concerns about compatibility, however, were allayed when the group ported the project to the 64-bit system.
“The code migration was amazingly easy,” he says. “The technologies we used, such as Visual C#, ASP.NET, and the Microsoft .NET Compact Framework 2.0, helped us tremendously and enabled us to migrate about 90 percent of the code to the 64-bit platform without any changes. We also seamlessly migrated the entire database component of PolicyPortal from the 32-bit SQL Server 2000 to the 64-bit SQL Server 2005 without any changes at all. The entire migration process only took about four weeks. That’s unprecedented in my view.”
Kim says, “With the power of the 64-bit Windows Server System family, building high-value products using the latest integrated development environment tools like Visual Studio 2005 is easy and helps developers create compelling new solutions like PolicyPortal.”
“As the number of client computers that move in and out of the directory continues to grow, organizations are faced with the monumental task of enforcing security policies on these endpoints,” he adds. “The capabilities in the new Windows technologies make possible solutions like PolicyPortal. That, in turn, helps more users take advantage of enterprise-scale applications and features such as security management for their PCs.”
Windows Server 2003 R2
The Microsoft Windows Server 2003 R2 family helps organizations do more with less. Now you can: Run your IT infrastructure more efficiently; Build better applications faster; Deliver the best infrastructure for enhancing user productivity. And you can do all this faster, more securely, and at lower cost.