Microsoft Corporation
March 12, 1996
As thousands of companies rush to establish a presence on the Internet, many are discovering its architecture has potential as an internal corporate network as well as an external publication platform. One industry analyst calls the Internet "the greatest catalyst for change and growth in the IT industry since the PC and LAN 15 years ago."
This paper examines how Microsoft® SQL Server enables organizations of all sizes to exploit the power of the Internet. Integrating SQL Server with an Internet or intranet allows organizations to build active Web sites that publish real-time information, provide interaction and customization, conduct business on the Internet securely and reliably, and develop corporate intranets, giving users new tools to access business information, without compromising security and data integrity.
The Internet represents the dawn of a new era of global communications and wide-area public networks. It is a technological revolution at least as important as the development of the personal computer. Microsoft believes that businesspeople, consumers, students, and users of all types can benefit from a full integration of these two revolutions—the Internet and the PC. Microsoft's strategy is to work openly with customers, other companies, and industry groups to realize the full potential of the Active Internet. The next generation of powerful Internet applications promises to make the Internet more exciting and useful by seamlessly integrating audio, video, 3-D animation, and more.
Microsoft's strategy to support business on the Active Internet is exactly the same as its overall distributed-computing strategy—to provide the network foundation for distributed computing (Microsoft® Windows NT® Server); a family of integrated server applications (BackOffice™); distributed object and systems technology (Win32® and OLE); a complete set of development and authoring tools (Visual Basic®, Java™, Java Script™, Front Page™, Internet Studio); and a set of desktop applications (Office) and systems (Windows® 95 and Windows NT Workstation) that take advantage of all these features for an integrated view of the world.
Many organizations have already realized the benefits of the Internet as a means to rapidly publish information. Companies today are using the World Wide Web primarily as an electronic storefront, billboard, or Yellow Pages ad. Many have applied these same principles to internal communication, establishing intranets, or private Web-based networks to exchange mission-critical information across local, regional, and even global enterprises. Until now, this information has been predominantly static, preformatted Hypertext Markup Language (HTML) documents, not interactive, user-centric applications.
The same forces that have driven the evolution of client/server technology are now at work driving the Internet toward a more dynamic and interactive environment. Whether in traditional distributed computing or on the Internet, businesses and users need to access and manage an ever-expanding amount of information, from anywhere, at any time.
By connecting Internet or intranet Web servers to relational databases like Microsoft SQL Server, many organizations have moved beyond static document publication to an Active Internet, where content is generated dynamically from a database, automatically or in response to a user request. An Active Internet application may use electronic forms to collect orders, customer information, and other transactions, and then store them in a relational database. The database, in turn, allows processing, retrieval, and analysis with a variety of off-the shelf-tools. An Active Internet can store information in a single, secure place—without duplication—regardless of whether that information is accessed internally or over the World Wide Web.
Progressive companies are driving the Web in a new and even more interesting direction, where business can be conducted over the Internet. These companies are building a new class of Active Internet business applications, based on products like Microsoft Internet Information Server, Microsoft SQL Server, and the BackOffice family of products.
The Active Internet is a new type of distributed client/server environment that extends beyond traditional corporate IT boundaries. A major requirement for an Active Internet is a secure, reliable, and scaleable place to store information. Microsoft SQL Server was built from the ground up as a scaleable, high-performance database management system, designed specifically for the unique requirements of distributed client-server computing. SQL Server has been fulfilling this role in business-critical environments for several years.
As the Internet and intranets become more complex and more heavily trafficked, managing incoming and outgoing information becomes even more difficult. By applying basic distributed computing and client/server principles to this new frontier, companies can reduce the risk and the complexity of doing business on the Internet. Integrating Microsoft SQL Server with the Internet or an intranet allows organizations to:
As businesses explore new ways to leverage the Internet for business operations, they have been quick to recognize that most of the business content they would like to publish is already being managed by a relational database management system. These businesses also realize that today's Web sites are measured not on content alone, but also on presentation and the level of interaction. The more popular sites capture the Web user's interest by publishing real-time information and building customized pages. These sites put users in control, allowing them to browse large volumes of data and provide input. It takes a client/server database like Microsoft SQL Server to accomplish this.
Ethos Corporation, for example, is an interactive service provider delivering up-to-the-minute financial news and research information to more than 300,000 online investors weekly. Their Web site, Investors Edge at http://www.investorsedge.com/, is among the most active financial services on the Internet, offering online stock quotes, corporate summaries, financial news, and personal portfolio analysis. Microsoft SQL Server drives this site, collecting, managing and publishing the real-time financial data while averaging 3.4 million transactions per day.
Personal portfolio analysis brings a new level of customization to the Investors Edge Web site, allowing each user to build an individual portfolio of 15 stocks to be tracked over time. Once established, a portfolio is only accessed with a unique user id and password combination, displaying a completely personalized Web page of the user's stock performance history. This sensitive information is protected by the integrated C-2 security of Windows NT Server and SQL Server.
Many organizations are already realizing the benefits of extending the enterprise, that is, connecting existing business systems to the Internet. By automating the communication and processes between customers and suppliers, businesses become more efficient. But electronic commerce is progressing more slowly than expected. Fewer than 10 percent of Internet users make regular online purchases. The biggest deterrents for conducting business on the Internet are data integrity and security.
Security on the Internet is critical to both extending the enterprise and conducting electronic commerce. The industry has focused on defining technologies and industry standards to secure the communications between Web servers and browsers. Technologies and standards include encryption, secure transaction, user authentication, and signed-code or digital signatures. Microsoft and its partners have participated in the development of several important new technology standards, including Secure Sockets Layer (SSL), which is a secure protocol providing data encryption, server authentication, and message integrity for a TCP/IP connection, and Secure Electronic Transactions (SET), which is a technical standard for safeguarding payment card purchases made over open networks like the Internet.
While these are critical components in providing a secure environment for conducting business on the Internet, they only address part of the security problem. Looking at traditional client/server environments gives insight into other security issues. Controlling user or application access to information is a fundamental security requirement of any business application. Data and transaction integrity are also critical in any multi-user business environment, ensuring that all transactions are either fully completed or are rolled back so that every user's view of data is consistent and reliable.
These security and integrity issues were solved for traditional business applications years ago by Microsoft SQL Server technologies, such as user and application security, data integrity and concurrency controls, datastream encryption, data replication, and transparent distributed transactions. Solving these issues for the Internet doesn't require new technology. Applying SQL Server technology to the Internet gives you proven solutions to the challenges of data security and integrity.
Data Track Systems, Inc.(http://www.datatrac.com/), a Value Added Network provider specializing in the electronic ordering and receipt real estate settlement services, is using Microsoft SQL Server to solve the challenges of conducting business transactions on the Internet. Data Track Systems is deploying an Internet application built on Microsoft SQL Server, easily allowing real estate agents to order and track title, credit, property valuation, escrow, and home inspection services. By providing open and secure Internet access between requesters and vendors along with integrated billing services, Data Track Systems creates efficiencies in ordering, processing, and delivery of settlement documents, resulting in cost reductions and faster turnaround.
Internet and intranet servers both need to augment anonymous user control with specific per-user and per-group access control. Microsoft Internet Information Server and Microsoft SQL Server both build on the Windows NT Server security model to deliver Internet-specific security features, such as control over anonymous access, network or host-based access, and secure Internet authentication.
Consider a group of intranet users who have been given access to a particular Web site. With client authentication, users can identify themselves to Internet Information Server and gain access to those directories and files marked as readable only by the group. Because of the full-featured Windows NT Server user accounts database, any number of overlapping groups can be created and granted differing access to resources on the server. Taking this a step further, if the groups are authenticated by Windows NT Server, they are also authenticated to SQL Server; therefore you don't have to maintain multiple security databases.
Microsoft SQL Server replication solves the traditional client/server challenge of distributing and synchronizing information throughout an organization, while guaranteeing integrity and reliability. Replication solves a similar set of problems for Internet and intranet sites, allowing Webmasters to manage and synchronize multiple copies of published information. Replication also allows an organization to avoid exposing sensitive database information on an intranet by selectively replicating data from production SQL Servers to a Web-connected SQL Server. Microsoft SQL Server version 6.5 can replicate complex text and image data popular on Web sites.
Most medium-to-large companies today have significant investments in their information systems infrastructure. Information is stored in a variety of different, and often incompatible, database management systems. The vast majority of these legacy systems provide no integration with the Internet. With Microsoft SQL Server compatible middleware solutions like Microsoft TransAccess® or Information Builders Inc.'s EDA/Open Database Gateway, customers can integrate data across the enterprise onto the Internet.
Business use of internal Internets, called intranets, will grow as corporations find them the best foundation for wide area networks. Intranets let colleagues work together, whether they're around the corner or around the globe. While exact figures are hard to come by, industry analysts estimate intranet web sites outnumber Internet Web sites ten-to-one—an amazing growth rate considering no intranets existed three years ago!
To support this shift, Microsoft is making internal business use of the Active Internet a key strategic focus. For example, on the desktop, Microsoft is making Windows clients (Windows 95 and Windows NT Workstation) the best Active Internet clients by designing Internet capabilities into the operating systems themselves. Microsoft has enhanced Office—the leading choice in business productivity software—so that Office tools serve as Web creation tools. Microsoft has also offered free viewers, which let users read Office documents, even if they don't have Office installed on their local PCs. Microsoft has integrated Web protocols—TCP/IP and HTTP—into its server platform (Windows NT Server), allowing Internet users to share, search, and use Web pages and documents the same way they use files and applications on the LAN. With Microsoft SQL Server 6.5, Microsoft is extending its industry leading distributed client-server database to be the best engine for corporate intranet applications.
Business applications on corporate intranets have the same requirements for security and integrity as their Internet counterparts. Organizations developing and deploying intranet applications are benefiting from the same proven technologies—user and application security, data integrity and concurrency controls, datastream encryption, data replication, and transparent distributed transactions—that make Microsoft SQL Server the best platform for conducting business on the Internet.
George Weston, for example, went live in February with an intranet employee benefits application supporting over 1,500 users. With SQL Server as the content engine, Weston has a scaleable and secure system that is easy to support and maintain. Also, since the information is being published from SQL Server, Weston employees responsible for keeping information up-to-date don't have to become an expert in HTML. They can continue to use familiar tools like Microsoft Access to make necessary changes.
From its foundation of superior performance, reliability, and scalability to its tight integration with Microsoft Internet Information Server and the other BackOffice products, Microsoft SQL Server is unquestionably the best database platform for the new breed of Internet applications. Microsoft SQL Server version 6.5 builds on this success by introducing a number of tools and technologies that provide significant advantages over alternative solutions:
Traditionally, Common Gateway Interface (CGI) scripts have been used to add functionality to standard HTML forms, such as linking forms with a SQL database. Each field on an HTML form may require 25 lines of CGI script to link it with a database. This model requires a high level of up-front programming. Any modifications are extremely labor intensive, given the one-to-one correspondence between the form field and the CGI script. The lack of quality database connectivity tools is partially responsible for the slow migration of commercial and business applications to the Internet.
Figure 1 graphically demonstrates how the Internet Database Connector (IDC) and the SQL Server Web Assistant enable seamless connectivity with SQL Server data. The IDC, or pull model, allows a Web user to initiate dynamic user driven queries from within an HTML document to a SQL Server, which retrieves or updates information in a database. The SQL Web Assistant, or push model, allows a database administrator or Webmaster to define a set of data (a query or stored procedure), which is automatically merged into an HTML document either on a scheduled basis or when the actual data changes.
Figure 1. Microsoft provides two powerful and complimentary tools for integrating SQL Server with the Web—the Internet Database Connector (IDC)and SQL Server Web Assistant
The IDC is an Internet server application programming interface (ISAPI) application that uses Open Database Connectivity (ODBC) application programming interfaces (APIs) to send and retrieve information between SQL Server and the Internet. The IDC provides the ability to create direct links between fields on HTML forms and SQL Server data without the need for complicated CGI scripts. Organizations are already using the Internet Database Connector to:
Conceptually, database access is performed by Internet Information Server as shown in Figure 2.
Figure 2. The Microsoft Internet Information Server and the IDC allow Internet users access to databases.
The Internet Database Connector uses two types of files to control how the database is accessed and how the output Web page is constructed. These files are Internet Database Connector (.idc) files and HTML extension (.htx) files.
The Internet Database Connector files contain the necessary information to connect to the desired ODBC data source and execute the SQL statement. An Internet Database Connector file also contains the name and location of the HTML extension file.
The HTML extension file is the template for the actual HTML document that will be returned to the Web browser after the database information and the extension file have been merged. This allows static text, graphic images, or even real-time video to be combined with database information on the same Web page.
The Internet Database Connector is ideal for building a new class of Active Internet applications that allow the user to view and update information in a database. Applications like event registration, loan application processing, and on-line banking can be created using this technology.
Microsoft SQL Server Web Assistant, one of the new Internet extensions available in Microsoft SQL Server 6.5, provides the ability to easily and automatically generate Web pages formatted in HTML. Used in conjunction with an appropriate Web server product, the Web Assistant publishes Microsoft SQL Server-based information from anywhere in an organization.
The Web Assistant uses a step by step, wizard-like interface that walks a DBA or Webmaster through the process of creating a query, formatting output, and scheduling the query execution—making it easier than ever for customers to create interactive, database-driven Web sites with automated information content. Using a data "push" model, the Web Assistant automatically publishes information out of a SQL Server database directly to the Web page. The data can be updated automatically—on a regular scheduled basis or whenever relevant data changes. The data remains accessible to any existing client/server application as well as to the Web.
The Web Assistant is particularly valuable for publishing large amounts of database information that will be the same for all visitors to a Web site, such as price lists, inventory or on-line catalogs. The Web Assistant is helpful in publishing time-sensitive or dynamic data, where users need to view it in real-time, such as stock quote information. The Web Assistant is resource-efficient, executing the query only once, regardless of how many people visit the page.
Traditional client/server relational database management system (RDBMS) user-based licensing models, where customers are charged for the number of concurrent users accessing the database, have proven unworkable for the Internet. The Microsoft SQL Server Internet Connector provides a simple, flexible, and cost-effective way for customers to license their databases for use on the Internet or corporate intranets.
The Microsoft SQL Server Internet Connector license is an open solution, providing access to Microsoft SQL Server from the Microsoft Internet Information Server or from third-party Web servers. The SQL Server Internet Connector allows an unlimited number of Internet and intranet connections to a single SQL Server.
The Microsoft SQL Server Internet Connector license will support customers using either Microsoft SQL Server version 6.0 or Microsoft SQL Server version 6.5. For more information, see "Microsoft SQL Server Internet Connector Q & A" at http://www.microsoft.com/SQL/netqa.htm.
For more than two years, Microsoft has been engaged in strategic development for the Active Internet, with the goals of making it easy for customers to get on the Internet, making it safe and reliable for significant business and consumer applications, and creating a viable business model that will support the industry and its consumers.
As a result, Microsoft is well positioned to devise and implement a comprehensive Active Internet strategy to meet the needs of corporate users, consumers, content creators, software vendors, Web publishers, and other information providers for a unified computing and Internet experience.
To deliver the full potential of the Active Internet, Microsoft recently introduced ActiveX™ technologies, a robust framework for creating interactive content using software components, scripts, and existing applications that can be embedded in HTML documents. Specifically, ActiveX technologies enable developers to build Web content easily using ActiveX controls (formerly OLE Controls), ActiveX scripting, and ActiveX documents.
The ActiveX server framework allows developers to create rich, interactive applications for Microsoft BackOffice, leveraging their existing experience, knowledge, and tools. ActiveX server controls and ActiveX server scripts, written with a variety of scripting languages like Visual Basic Scripting Edition, PERL, and JavaScript, become the building blocks for the next generation of server-driven active content. Together, these ActiveX controls and scripts make it even easier for organizations to integrate Microsoft SQL Server, and the other BackOffice products, with the Internet for building active Web sites, conducting business, and developing corporate intranets.