Dynamics NAV Hosting Guide - Liberty Grove Software

Microsoft Dynamics NAV

Hosting Guide
White Paper
Best practices for successfully hosting Microsoft Dynamics NAV

Date: June 2009

Contents

Audience
Compatibility
Authors
Introduction
Objectives
Hosted architecture for Microsoft Dynamics NAV principles
  Remote access technologies
  Security
    Secure peripheral network
    Authentication
    Securing the service tier
  Performance
    Load balancing
    Database optimization
Hosting compliancy
  SAS 70 Certification
  Software + Services Incubation Centers
  Service Level Agreement
Licensing options
  The differences between the BRL and the SPLA license
Hosted Microsoft Dynamics NAV Platform recommendations
  Hosting platform model
  Hardware specifications
    Terminal Servers specifications
    RTC deployment
  OS specifications
  SQL Server specifications
  Network considerations
  Server virtualization
    What is Hypervisor?
    Virtualization for Microsoft Dynamics NAV
  Service Tier server sharing
  Office integration
Hosted Microsoft Dynamics NAV specific configuration tips
  Microsoft Terminal Services settings
    Performance enhancement
    Local client devices redirection
  Security/Active Directory
  Group policies
    Time zone redirection
    Locking Terminal Server session
  Microsoft Dynamics NAV License
  SQL Server settings multi-instance optimization
    Configure SQL Instance CPU Affinity
  Backup
Administration
  Service provisioning
  Control panels
  Platform infrastructure management
  Monitoring
    Availability monitoring
    Proactive monitoring
Known issues
  Time zone issue with RTC
  Microsoft Dynamics NAV 2009 database can only run on SQL default instance
  RTC Client doesn’t work with Windows mandatory profiles
  Certain Language requires dedicated Terminal Server
References


Audience

This documentation is primarily for ISVs, VARs, and Hosting Partners who plan on hosting Microsoft Dynamics NAV. It is also intended for end users who would like to understand what it means to have their Microsoft Dynamics NAV platform hosted, rather than located on their premises. While solution architects and system administrators are the main target, implementers might also find the content relevant.

Compatibility

The following information has been validated for NAV 5.0, NAV 5.0 SP1 and NAV 2009. The content may change with upcoming updates of NAV like NAV 2009 SP1.

Authors

This document was co-authored by SaaSplaza (Netherlands and USA). SaaSplaza is a Microsoft Software + Services Incubation Center that currently hosts the complete portfolio of Microsoft software products including Microsoft Dynamics products.


Introduction

The decision to host an ERP such as Microsoft Dynamics NAV cannot be taken lightly, and a thorough analysis of the pros and cons should therefore always be conducted beforehand. Also, there are many flavors of hosting models to adopt, ranging from a traditional collocation contract at a data center to a modern delivery method, such as software-as-a-service (SaaS). All of these hosting models have a lot in common and also share many architectural challenges, such as security, performance, and reliability issues. They are, however, essentially enabled with the implementation of proven remote access technologies like Microsoft Terminal Services and Citrix XenApp. In fact, it is very common for these technologies to be associated with the architecture even when Microsoft Dynamics NAV is deployed on-premise because of the benefits. For instance, it simplifies desktop deployment, improves performance, and makes the access of the software possible from outside the office network. The good news is that these advantages are sustained with the hosted approach.

There are also many more advantages to add to the list. The first immediate value of hosting Microsoft Dynamics NAV is that it will shift the reliance on internal IT to a Service Level Agreement (SLA) with the service provider (SP). This is especially important for businesses with a reduced IT staff, as this allows them to focus on their core business. Economy of scale also helps reduce infrastructure costs (hardware, software, talent), and hosting contracts usually lower the initial investment.

Hosting Microsoft Dynamics NAV also enables the delivery of its great functional value as-a-service. This approach even leverages the same execution platform for multiple instances. Microsoft Dynamics NAV is not considered multi-tenant today, mainly because each implementation requires its own database. However, it is possible to build a shared execution infrastructure using, for example, virtualization technologies. They have become very reliable today thanks to their alignment to the Hypervisor standard, and they play a major role in providing an even more cost-effective platform. Microsoft Dynamics NAV is supported on Microsoft Hyper-V.


The illustration below shows how to situate Microsoft Dynamics NAV in relation to the different hosting models.

Hosting Microsoft Dynamics NAV

Finally, it is important to highlight that hosting Microsoft Dynamics NAV doesn’t disrupt the current ecosystem of Dynamics Partners (VARs) and Independent Software Vendors (ISVs). Custom implementations, added-value software, and vertical solutions are still compatible with any hosting model. In fact, SaaS is seen by many as a means to invigorate the business and foster new opportunities.


Objectives

The objectives of this document are to provide the audience with pragmatic information based on real experience and to define the requirements for hosting projects for Microsoft Dynamics NAV. While this document can be used as a guideline, it is not a substitute for the actual installation documentation associated with the different components of the solution. It proposes an architectural model as well as technical recommendations to guide you towards building your own hosting platform for Microsoft Dynamics NAV. It works under the assumption that remote access technologies such as Windows Terminal Services and related expertise are well known and understood. Also, it refers to existing documents on how to set up and configure Terminal Services and is not intended to replace these instructions.

Note that this document focuses solely on the hosting-centric technologies and know-how. It should not be used as a large-deployment or performance guide. Microsoft Dynamics NAV optimization and scalability knowledge is vastly reusable in a hosting context and remains the responsibility of the Microsoft Dynamics NAV partner. In case you decide to leverage the services of a hosting partner to provide you with a platform to host Microsoft Dynamics NAV, you can also use this document to benchmark and better evaluate different hosting proposals.


Hosted architecture for Microsoft Dynamics NAV principles

Remote access technologies

Remote access technologies permit ordinary Windows applications to be run on a suitable Windows server and for any supported client to access those applications. In the context of Microsoft Dynamics NAV, the Classic Client or Role Tailored Client (RTC) are installed on the remote server (just like they would be on a user workstation) and accessed remotely by a client machine. Specific protocols like RDP (Microsoft Terminal Services) or ICA (Citrix) are put in place between the client and the server. They provide for the feedback of user input from the client to the server, and for a variety of means for the server to send graphical output from the running application to the client.


With third-party technologies (Citrix XenApp, 2X, etc.) or with Windows Server 2008, this approach can be extended to remote application publishing. In this case, only selected applications (as opposed to the overall Windows desktop) are actually rendered to the end-user, providing a much more seamless integration.

Security

This is probably the aspect of architecture that requires the most attention. When Microsoft Dynamics NAV is hosted, it means that it will run on a different network than the one the end-user is connected to.

Secure peripheral network

Using a VPN

In order to secure the connection to the hosting platform, it is necessary to set up a Virtual Private Network between the end user and the hosted platform. VPN authentication goes beyond providing username and password. For example, it can restrict access to the platform to only selected IPs, or it can require a client certificate. While VPN connections add an overhead to the data transmission, this is negligible in terms of altering the overall performance.

Using remote access protocols over the Internet

While VPNs provide a reliable, secure access, it is also possible to connect to the platform and leverage the Internet in a less elaborate way. Remote access protocols such as RDP or ICA can in fact be transported over HTTPS. In this scenario, the client connects to a TS Gateway server sitting on the peripheral network using SSL. In turn, the TS Gateway will redirect the connection to the proper Terminal Server, which typically sits behind a firewall.

Note that this feature is available in Remote Desktop Connection 6.0 (RDC) and is available only when the remote computer is running Windows Vista or Windows Server 2008. Third-party technologies can also achieve this with Windows Server 2003.

Authentication

Same domain controller

In cases where the end user workstation and the Terminal Server use the same domain controller, the authentication leverages Kerberos. Note, however, that this scenario is not very likely to occur because data centers will have their own domain.

Different domain controllers

In cases where the end user workstation and the Terminal Server use different domain controllers, the end user is authenticated on his own domain controller. When connecting to the data center, a new authentication needs to take place on the remote domain controller. The hosted domain controller can be dedicated, shared using a different organizational unit (OU) or configured as an AD forest. Considering that Microsoft Dynamics NAV (unlike Exchange, for instance) doesn’t require a distinct delineation between Configuration, Schema, and Global Catalog of one organization against another, the most probable scenario is that the hosted domain controller will separate organizations by OU.


In both scenarios, Microsoft Dynamics NAV authentication will rely on Windows Authentication rather than Database Login, as it is not possible to remotely authenticate a remote user with a SQL login.

Security enhancement

It is possible to use the Windows Terminal Services Gateway server with the Microsoft Internet Security and Acceleration (ISA) Server to enhance security. In this scenario, you can host TS Gateway servers in a private network rather than a perimeter network and host the ISA Server in the perimeter network. The SSL connection between the Terminal Services client and the ISA Server can be terminated at the ISA Server, which is Internet-facing.

The ISA Server helps enhance security by decrypting incoming SSL traffic. It statefully inspects the traffic for malicious code, and then blocks connections that contain suspicious packets or packets that reflect known exploits. ISA Server also performs stateful HTTP filtering, which provides deep inspection of HTTP application content.

Securing the service tier

For Microsoft Dynamics NAV 2009 RTC deployment, you can use the Network Service account for the Microsoft Dynamics NAV Server service, which is a default setting. This alternative is considered less secure because the Network Service account is a shared account that can be used by other, unrelated network services. In a hosting environment, we recommend running the Microsoft Dynamics NAV Server service under a dedicated domain user account, which is more secure but requires additional work by a domain administrator. This domain account is specific to a tenant organization and each organization has its own account. We recommend following the latest instructions (Walkthrough: Installing the Three Tiers on Three Computers) located on MSDN at http://msdn.microsoft.com/enus/library/dd301254.aspx.
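The recommendation above can be checked on a service tier host. The following Python audit is an added example, not part of the original white paper: it reads `sc qc` output and flags NAV Server services that run under a shared built-in account, under a local account, or under a domain account that another tenant's service also uses. The service names, the HOSTING domain and the accounts in the sample are constructed.

```python
import re
from collections import defaultdict

# Built-in identities that many unrelated services on a host can run as.
SHARED_BUILTINS = {
    "localsystem",
    "nt authority\\system",
    "nt authority\\networkservice",
    "nt authority\\network service",
    "nt authority\\localservice",
    "nt authority\\local service",
}

# Constructed sample: `sc qc` output for five hypothetical per-tenant
# NAV Server services, trimmed to the two fields the audit reads.
SAMPLE_SC_QC = r"""
SERVICE_NAME: NavServer-TenantA
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: NavServer-TenantB
        SERVICE_START_NAME : HOSTING\svc-nav-tenantb
SERVICE_NAME: NavServer-TenantC
        SERVICE_START_NAME : HOSTING\svc-nav-tenantd
SERVICE_NAME: NavServer-TenantD
        SERVICE_START_NAME : HOSTING\svc-nav-tenantd
SERVICE_NAME: NavServer-TenantE
        SERVICE_START_NAME : .\navlocal
"""

FIELD = re.compile(r"^\s*(SERVICE_NAME|SERVICE_START_NAME)\s*:\s*(.*?)\s*$")


def parse_sc_qc(text):
    """Return {service name: logon account} from concatenated `sc qc` output."""
    services = {}
    current = None
    for line in text.splitlines():
        match = FIELD.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "SERVICE_NAME":
            current = value
            services[current] = None
        elif current is not None:
            services[current] = value
    return services


def audit_service_accounts(services):
    """Return sorted (service, finding) pairs.

    An empty list means every service runs under its own domain account.
    """
    findings = []
    owners = defaultdict(list)  # domain account -> services using it
    for name, account in services.items():
        key = (account or "").lower()
        if not key:
            findings.append((name, "no-logon-account"))
        elif key in SHARED_BUILTINS:
            findings.append((name, "shared-builtin"))
        elif key.startswith(".\\") or ("\\" not in key and "@" not in key):
            # ".\name" is a machine-local account, not a domain account.
            findings.append((name, "not-domain-account"))
        else:
            owners[key].append(name)
    for names in owners.values():
        if len(names) > 1:
            # One account serving several tenants defeats per-tenant isolation.
            findings.extend((n, "account-reused") for n in names)
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit_service_accounts(parse_sc_qc(SAMPLE_SC_QC)):
        print(f"{service}: {finding}")
```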


Performance

Load balancing

Since remote access technologies support a concurrent connection for many Microsoft Dynamics NAV users, it's important to make sure of two things. First, each Terminal Server should be fully redundant. Second, the load should be distributed between multiple servers to ensure optimal service quality for users.

Supplemental technologies (such as Network Load Balancer or Terminal Server Broker) allow you to easily load balance RDP or ICA sessions between Terminal Servers and to provide fault tolerance. In addition, if you are allowing users to log in from the Internet, you can hide the backend terminal services from the Internet and only expose one single gateway machine. In this way, you significantly enhance the security of your Terminal Servers.

Database optimization

It is crucial to understand that choosing to run a hosted Microsoft Dynamics NAV instead of an on-premise deployment won’t have an impact (negative or positive) on database performance. The backend needs to be designed, sized and optimized with the same attention. Also, do not assume that because a data center hosts Microsoft Dynamics NAV for several different customers, the sum of all users’ usage will impact the overall performance. Remember that each deployment must have its own isolated database instance or server. See the recommendations section for more details.

Hosting compliancy

Considering the sensitive nature of the information managed in Microsoft Dynamics NAV (accounting, financial, etc.), it is crucial that the hosting provider has the credentials necessary to earn the confidence of the end users.

SAS 70 Certification

SAS 70 (the Statement on Auditing Standards No. 70) defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization. Service organizations, such as hosted data centers, insurance claims processors, and credit processing companies, provide outsourcing services that affect the operation of the contracting enterprise. SAS 70 was developed by the American Institute of Certified Public Accountants (AICPA) as a simplification of a set of criteria for auditing standards originally defined in 1988.

Under SAS 70, auditor reports are classified as either Type I or Type II. In a Type I report, the auditor evaluates the efforts of a service organization to prevent accounting inconsistencies, errors, and misrepresentation, and the likelihood that those efforts will produce the desired future results. A Type II report includes the same information as that contained in a Type I report. In addition, the auditor will attempt to determine the extent to which agreed-on controls have been operating effectively between the time they were implemented and the present.

Software + Services Incubation Centers

Members of the Microsoft Software + Services Incubation Center program are certified Microsoft partners who have passed our Hosting Competency exams and are actively hosting a variety of Microsoft platform technologies for ISVs. In addition, these service providers offer special workshops on Software + Services business strategy and technical architecture.

Service Level Agreement

This is the contract between the service provider and the end user (partner) that guarantees the service. The main element at stake in this contract is the availability of the service.

Unavailability is defined as occurring when a service cannot be accessed by any user due to an unplanned event. Downtime is the period of time during which the service is unavailable. In determining the monthly downtime (DT), downtime as a result of maintenance overrun is included, even if this falls within the maintenance window. Depending on the service, downtime is measured and determined by automated detection mechanisms if these have been configured for the service, or is established on the basis of the registration of downtime following Incident reports.

The availability percentage (A) of services is determined and reported per month, over the preceding month, and is calculated according to the formula below.

$$A = \frac{\mathrm{MMA} - \mathrm{DT}}{\mathrm{MMA}} \times 100\%$$

The maximum monthly availability period (MMA) is equal to the number of hours per month. An availability of at least 99.9% is the baseline for service providers who intend to support an ERP type of application such as Microsoft Dynamics NAV.


Licensing options

Hosting Microsoft Dynamics NAV still leaves the customer with a choice between buying a perpetual license, a Business Ready License (BRL), and taking a subscription-based Service Provider License Agreement (SPLA). This overview highlights the overall differences between the two models.

The differences between the BRL and the SPLA license:

| | Business Ready License | Service Provider License Agreement |
|---|---|---|
| Payment | One payment upfront | Monthly charge |
| Ownership | Customer buys and receives ownership of the license | Customer pays for the usage of the license, but does not own it |
| Business Ready Enhancement | Business Ready Enhancement is a yearly fee of 16% of the list price, which guarantees the software upgrade. | Business Ready Enhancement is included |
| Users | Provides usage for a maximum number of concurrent users. Lowering this number is not possible. If more concurrent users are needed, additional license rights must be acquired. | Works on a named user basis. Charged according to the exact number of registered named users per month. The number can change per month, either higher or lower, which will result in a higher or lower price. |

For more information on Business Ready Licensing, please see: https://mbs.microsoft.com/partnersource/partneressentials/licensingpolicies/MD_BRL Guide.htm

For more information on Service Provider License Agreements, please see: https://mbs.microsoft.com/partnersource/newsevents/news/ss2.htm?printpage=false&stext=SPLA

Please note that in order to access the above sites you must have access to PartnerSource.


Hosted Microsoft Dynamics NAV Platform recommendations

Hosting platform model

There is no blueprint platform for hosting Microsoft Dynamics NAV, as many variables can come into play. For instance, it must be decided whether the platform is fully dedicated for a specific customer or if some components of the architecture can be shared. In any case, the existing hardware guide, sizing tool and overall experience can be largely reused in order to build the platform. However, with the shared approach, the objective is to leverage some of the infrastructure (when possible and beneficial) across different customer deployments. Therefore, further recommendations are required.

The illustration on the left does not represent a hosting reference platform but rather is more of a model to illustrate recommendations. In addition, it focuses on a Microsoft Dynamics NAV-related infrastructure and doesn’t include every single element of a data center.

The entry point of the platform is a network application (e.g. Cisco PIX) that controls inbound and outbound traffic. Based on the inbound request (domain, protocol), it then directs it to the ISA server which analyzes and verifies the request. The request is then directed to the Terminal Services Gateway, which authenticates the users on the Domain Controller. Next, the Terminal Services Broker assigns a Terminal Services Server based on resource availability. The Terminal Services Server starts a session based on the user roaming profile. The Microsoft Dynamics NAV connection parameters (SQL Server name, database name, configuration file) and context (e.g. zup file) are retrieved and a client (Classic / RTC) is executed. This means that each Terminal Server can serve any user, including users from a different deployment. From that point, it functions as a regular Microsoft Dynamics NAV session running on the internal network.


Hardware specifications

In general, we recommend that you use mid-range to high-end hardware, depending obviously on the sizing parameters. We also recommend that you use the Microsoft Dynamics NAV Hardware guide for the Service Tier and SQL Database servers.

Terminal Servers specifications

| Server Role | Configuration | Average capacity |
|---|---|---|
| TS Gateway | 1 x 4 GHz CPU, 2 GB RAM, 50 GB disk | Up to 20 terminal servers |
| TS Server | 2 x 4 GHz CPU, 4 GB RAM, 100 GB disk (*), 32 bits (**) | Up to 40 concurrent users per server (*) |

(*) Assumes no other applications are running on terminal server (e.g. Office or FRx).
(**) We recommend 32 bits as TS server role runs client applications designed to run on workstations that typically run a 32-bit operating system.

RTC deployment

We recommend that you run the service tier on a 64-bit operating system to maximize memory addressing. If this is not possible, we recommend using the /3GB switch in the Boot.ini file (see reference section).

OS specifications

In order to benefit from the latest Terminal Services improvements, each Terminal Services-related server should run Windows 2008. The Windows Server 2003 R2 and 2008 licensing model requires a server license for each copy of the server software installed. Terminal Services functionality is included in the Windows Server license. In addition to a server license, a Windows Server Client Access License (CAL) is required. If you wish to conduct a Windows session, an incremental Terminal Server Client Access License (TS CAL) is required as well. A Windows session is defined as a session during which the server software hosts a graphical user interface on a device. For Windows sessions, a TS CAL is required for each user or device. Two types of Terminal Server Client Access Licenses are available: TS Device CAL or TS User CAL. In the hosting context, it is recommended that you use the latter.

All other components (Domain Controller, Microsoft Dynamics NAV Service tier server, SQL Server) could either use Windows 2008 Enterprise or Windows 2003 Enterprise R2.

SQL Server specifications

For dedicated SQL Servers, there are no additional considerations with regard to the hosted versus on-premise approach. The same guidelines should apply. For instance, in order to get the best I/O from the disk subsystem, each of the different database files needs to be isolated on a separate disk. This applies to the shared binaries, instance roots, log files, data files, and temporary files. A typical hosted Microsoft Dynamics NAV SQL server will incorporate separate disks for that purpose.

By leveraging the SQL Server multiple instances capability, it is possible to use the same server for several deployments. Best practices show that in multiple instance deployments, better performance can be achieved when each instance is configured with an affinity mask to determine which processors an instance will use. See "Configure SQL Instance CPU Affinity" (page 27) for instructions about how to set this. The CPU affinity mask setting can be used to restrict an instance to only a subset of CPUs, and also ensures that each thread always uses the same processor between interrupts. This reduces the swapping of the same thread among multiple processors, and increases the cache hit ratio on the second-level cache.
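The affinity planning described above, as an added Python example that is not taken from the white paper: it gives each SQL Server instance on a shared host its own block of CPUs, checks any set of masks for overlap, and renders the `sp_configure 'affinity mask'` statement to run on each instance. The instance names and CPU counts are constructed, and the contiguous allocation order is an assumption of this example.

```python
def plan_affinity_masks(cpu_count, wanted):
    """Assign contiguous, non-overlapping CPU blocks starting at CPU 0.

    wanted is an ordered list of (instance name, number of CPUs).
    Returns {instance name: affinity mask as an unsigned integer}.
    """
    if not 1 <= cpu_count <= 32:
        # The 'affinity mask' option only addresses CPUs 0-31.
        raise ValueError("cpu_count must be between 1 and 32")
    if sum(n for _, n in wanted) > cpu_count:
        raise ValueError("more CPUs requested than the host has")
    masks = {}
    next_cpu = 0
    for instance, n in wanted:
        if n < 1:
            raise ValueError(f"{instance}: at least one CPU is required")
        masks[instance] = ((1 << n) - 1) << next_cpu
        next_cpu += n
    return masks


def overlapping(masks):
    """Return sorted pairs of instances whose masks share at least one CPU."""
    names = sorted(masks)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if masks[a] & masks[b]
    ]


def cpus_in(mask):
    """List the CPU numbers selected by a mask, for review before applying."""
    return [bit for bit in range(32) if mask & (1 << bit)]


def to_tsql(mask):
    """Render the statements that apply a mask on one instance.

    sp_configure takes a signed 32-bit integer, so a mask that includes
    CPU 31 is converted to its negative two's-complement value.
    """
    signed = mask - (1 << 32) if mask & (1 << 31) else mask
    return (
        "EXEC sp_configure 'show advanced options', 1; RECONFIGURE;\n"
        f"EXEC sp_configure 'affinity mask', {signed}; RECONFIGURE;"
    )


if __name__ == "__main__":
    # Constructed layout: three tenant instances on an 8-CPU host.
    plan = plan_affinity_masks(8, [("TENANT_A", 4), ("TENANT_B", 2), ("TENANT_C", 2)])
    assert not overlapping(plan)
    for instance, mask in plan.items():
        print(f"-- {instance}: CPUs {cpus_in(mask)}")
        print(to_tsql(mask))
```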

Also, to achieve great performance for multiple instances, it is only necessary to specify a reasonable minimum server memory without additional tuning on memory configuration. When multiple instances of SQL Server are running on the same computer, each instance independently uses the standard algorithm for dynamic memory management. The amount of memory allocated to each specific SQL Server instance is driven by the relative workload of each one. This is designed to ensure that the instances with higher workloads acquire more memory while those processing lighter workloads acquire less memory.

Network considerations

Dial-up connections are practically extinct, and should not be used to connect to the data center where Microsoft Dynamics NAV is hosted. End-users should rely on reliable and high-performing Internet connections to reduce latency between the thin client and the firewall.

Server virtualization

Part of the hosted Microsoft Dynamics NAV platform can take advantage of server virtualization technology. This is a key element in making the platform flexible and reducing its costs.

What is Hypervisor?

Unlike the first generation of server virtualization technology, a Hypervisor-related solution is not only software-based, but it relies on the hardware component that facilitates the physical server’s resource management as well.

This ensures that the virtual machine’s logical resources (CPU, RAM, Disks) are actually aligned with the physical server capacity. For instance, a physical host server with 8 CPUs and 12 GB of RAM can, in theory, run 4 virtual servers of 2 CPUs with 3 GB each. This means that the overhead of running the Host OS is almost negligible. But runtime considerations are not the main advantage of virtualization. The real value is the fact that it brings a lot more flexibility for the platform in terms of provisioning and resource allocation.

Virtualization for Microsoft Dynamics NAV

There are new possibilities now that Microsoft Dynamics NAV 2009 is officially supported on Hyper-V. Note that benchmarks show today that Microsoft Dynamics NAV 2009 Service Tier doesn’t scale as well on Hyper-V as on an equivalent physical machine. That decrease in performance, however, must be put in perspective when you consider the gain in flexibility and provisioning that virtualization brings.

On the other hand, using virtual servers to run the Terminal Servers is a great way to make it possible to scale the platform. Each server is very generic (it runs only Microsoft Dynamics NAV client executables) and can be provisioned rapidly to handle growing traffic.

Regarding the database server, it is not usually common to run SQL Server on a virtual server. This is not because SQL Server would not perform as well as on an equivalent physical server. It is because it natively provides much better tooling to maximize the hardware utilization (multiple instances, Resource Governor, etc.).

Service Tier server sharing

Another way to optimize the server utilization is to share the same server to execute multiple service tier servers running on different ports. The process is fairly simple:

• Copy the Service tier binaries into a new directory so the new service can have different parameters.
• Run the following command:

Z:\>SC CREATE NAVServiceCustomerABC binpath= "D:\Microsoft Dynamics NAV\60\ServiceABC\Microsoft.Dynamics.Nav.Server.exe" start= auto obj= "domain\ABCNAVsvc"



• Update the CustomSettings.config with the new database name, Microsoft Dynamics NAV instance name and port.

Note that this is recommended only for small-to-medium Microsoft Dynamics NAV deployments, which are most likely the ones deployed on a shared-platform.
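The three steps above as one PowerShell script. This is an added example, not part of the original guide: it registers the service with New-Service rather than SC CREATE so that the executable path, which contains spaces, is stored in quotes and the service account password is prompted for instead of typed on a command line. The template folder name, database name, instance name, port and the CustomSettings.config key names (DatabaseName, ServerInstance, ServerPort) are assumptions to check against your own installation.

```powershell
# Added example, not from the guide. Every default below is an assumed sample value.
param(
    [string]$Customer       = 'ABC',
    [string]$NavRoot        = 'D:\Microsoft Dynamics NAV\60',
    [string]$TemplateFolder = 'Service',           # assumed folder of the existing service tier
    [string]$DatabaseName   = 'NAV_CustomerABC',   # assumed customer database name
    [int]   $ServerPort     = 7146,                # assumed unused TCP port
    [string]$ServiceAccount = 'domain\ABCNAVsvc'
)
$ErrorActionPreference = 'Stop'

function Get-NavSetting([string]$Path, [string]$Key) {
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)
    $node = $xml.SelectSingleNode("//add[@key='$Key']")
    if ($null -ne $node) { $node.GetAttribute('value') }
}

function Set-NavSettings([string]$Path, [hashtable]$Values) {
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)
    foreach ($key in $Values.Keys) {
        $node = $xml.SelectSingleNode("//add[@key='$key']")
        if ($null -eq $node) { throw "Key '$key' not found in $Path" }
        $node.SetAttribute('value', [string]$Values[$key])
    }
    $xml.Save($Path)
}

$source  = Join-Path $NavRoot $TemplateFolder
$target  = Join-Path $NavRoot "Service$Customer"
$svcName = "NAVServiceCustomer$Customer"
if (Test-Path -LiteralPath $target) { throw "$target already exists." }

# Refuse a port or database that another service tier on this server already uses,
# so that two customers never end up sharing a listener or a database.
foreach ($dir in Get-ChildItem -LiteralPath $NavRoot -Directory) {
    $cfg = Join-Path $dir.FullName 'CustomSettings.config'
    if (-not (Test-Path -LiteralPath $cfg)) { continue }
    if ((Get-NavSetting $cfg 'ServerPort') -eq "$ServerPort") {
        throw "Port $ServerPort is already configured in $($dir.Name)."
    }
    if ((Get-NavSetting $cfg 'DatabaseName') -eq $DatabaseName) {
        throw "Database '$DatabaseName' is already served from $($dir.Name)."
    }
}

# Step 1: copy the service tier binaries into the customer's own directory.
Copy-Item -LiteralPath $source -Destination $target -Recurse

# Step 3 of the guide, done before the service exists: per-customer settings.
Set-NavSettings (Join-Path $target 'CustomSettings.config') @{
    DatabaseName   = $DatabaseName
    ServerInstance = "NAV$Customer"    # assumed instance naming scheme
    ServerPort     = $ServerPort
}

# Step 2: register the service under the customer's dedicated domain account.
$exe  = Join-Path $target 'Microsoft.Dynamics.Nav.Server.exe'
$cred = Get-Credential -UserName $ServiceAccount -Message "Password for $ServiceAccount"
New-Service -Name $svcName -BinaryPathName "`"$exe`"" -StartupType Automatic -Credential $cred |
    Out-Null

# Show what was registered so the quoted image path and the account can be reviewed.
Get-CimInstance Win32_Service -Filter "Name='$svcName'" |
    Select-Object Name, PathName, StartName, StartMode
```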


Office integration

Microsoft Dynamics NAV is tightly integrated with Microsoft Office. It is possible to work with Microsoft Dynamics NAV data using the productivity functionality of Microsoft Excel and Word. In a hosted environment, it is still possible to benefit from this if Office is also accessed remotely. This means that Office must be installed on the Terminal Server farm and configured to be published as a remote application. It is not currently possible to integrate a hosted Microsoft Dynamics NAV with a local Office installation.


Hosted Microsoft Dynamics NAV specific configuration tips

As explained earlier, the vast majority of the Microsoft Dynamics NAV component configurations are the same in a hosted environment. However, it is worth providing a few tips and caveats that can make a difference in the hosting context.

Microsoft Terminal Services settings

Performance enhancement

The user thin client settings can be changed to have the slimmest communication between the thin client and the data center. In the Properties panel of the RDP Client, it is recommended that you choose the lowest connection speed profile (Modem 28.8 Kbps) to maximize performance. When you choose this performance profile, only Bitmap Caching is checked.

Local client devices redirection

It is also very important to allow local resources to be redirected to the remote session in order to support printing and copy/paste from/to Microsoft Dynamics NAV. Open the Local Resources tab and put a check mark in the Printers and Clipboard boxes.


Experience shows that hard drive redirection does not perform well enough in this kind of configuration. Therefore, we recommend using FTP to transfer files back and forth between the client and the terminal server (e.g. Dataport).

Security/Active Directory

Running different customers on the same platform means that they will have domain accounts. Using Microsoft HMC (Hosted Messaging and Collaboration) principles, it is recommended that you use Organizational Units (OUs) to segregate customers. Under the root of your domain in the Active Directory Users and Computers management console (dsa.msc), create your customers entry point (Right click, New, Organizational Unit). Then under the “MyCustomer” organizational unit, create the different customers (Right click, New, Organizational Unit). You will host Microsoft Dynamics NAV, as shown below:

This makes it possible to assign specific group policies for a specific customer that is different than the others. It is also preferable to assign Access Control in Microsoft Dynamics NAV via groups instead of users. In the Classic Client, navigate to Tools > Security > Windows Login. Add NAV Admin and NAV User Groups as follows:


This makes it possible to provision (or de-provision) in a much more straightforward way by modifying the user’s membership in AD. It is also recommended that you use a simple security model for better manageability of users’ creation/deletion (no need to synchronize). In File > Database > Alter, click on the Advanced Tab and change the security model as follows:

Group policies

Time zone redirection

By default, Terminal Server keeps track of time according to the time zone in which it has been configured, rather than on a per-user basis. This can be a problem when a user connects to a terminal server outside of the time zone in which the user is located, because the local computer uses the time configured on the terminal server rather than the local time. If you are hosting time-sensitive applications on your terminal server, or if you have processes in place that depend on the user’s current local time (such as financial systems and calendaring), you might want to enable the Allow Time Zone Redirection Group Policy setting. This policy is located in Windows Components/Terminal Services. With this setting enabled, Terminal Services uses the server base-time on the terminal server and the client time zone information to calculate the time on the session.

Locking Terminal Server session

The challenge with Terminal Server is to lock down the servers as much as possible without affecting end-user functionality. To aid in this challenge, Microsoft (among others) has published a KB article (see reference). When these guidelines are followed, the environment is more secure. For instance, the group policies can prevent:

• Opening a cmd prompt
• Server shutdown
• Registry access

Microsoft Dynamics NAV License

Because the same Microsoft Dynamics NAV Client executable is used for different customers, it is not possible to have the Microsoft Dynamics NAV license file (flf) copied to the runtime directory on the file system. Therefore, the license must be stored in the database. In the Microsoft Dynamics NAV Client, choose File/Database/Alter and check the option shown below:


SQL Server settings multi-instance optimization

Configure SQL Instance CPU Affinity

In order to optimize the distribution of multiple SQL Server instances over the different CPUs of the hardware, it is recommended that you configure each server instance to only use a subset of the available CPUs. In SQL Server Management Studio, connect to the instance you want to configure. Right-click the instance and click Properties to open its property page. Uncheck the “automatically set processor (I/O) affinity...” boxes as shown here and assign the CPUs accordingly.
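The same per-instance CPU split can be planned and applied by script. The following added example (not part of the original guide) computes non-overlapping affinity masks for the instances that share a host and prints the sp_configure statement to run on each instance; it covers both the affinity mask recommendation in "SQL Server specifications" and the steps above. The instance names and CPU counts are constructed sample values.

```powershell
# Added example: plan non-overlapping CPU affinity masks for SQL Server instances
# sharing one host. Instance names and CPU counts used below are constructed.
function New-SqlAffinityPlan {
    param(
        # The 'affinity mask' option covers CPUs 0-31 only.
        [Parameter(Mandatory)][ValidateRange(1, 32)][int]$HostCpuCount,
        # Ordered map: instance name -> number of CPUs reserved for it.
        [Parameter(Mandatory)]
        [System.Collections.Specialized.OrderedDictionary]$CpusPerInstance
    )
    $firstCpu = 0
    foreach ($instance in $CpusPerInstance.Keys) {
        $count = [int]$CpusPerInstance[$instance]
        if ($count -lt 1) { throw "Instance '$instance' needs at least one CPU." }
        $lastCpu = $firstCpu + $count - 1
        if ($lastCpu -ge $HostCpuCount) {
            throw "Not enough CPUs: '$instance' would need CPU $lastCpu of $($HostCpuCount)."
        }
        # Bit n of the mask set = the instance may schedule threads on CPU n.
        $mask = [long]0
        foreach ($cpu in $firstCpu..$lastCpu) { $mask = $mask -bor ([long]1 -shl $cpu) }
        # sp_configure takes a signed 32-bit value, so CPU 31 makes the number negative.
        if ($mask -gt [int]::MaxValue) { $mask -= 4294967296 }
        [pscustomobject]@{
            Instance = $instance
            Cpus     = "$firstCpu-$lastCpu"
            Mask     = [int]$mask
            TSql     = "EXEC sp_configure 'show advanced options', 1; RECONFIGURE; " +
                       "EXEC sp_configure 'affinity mask', $mask; RECONFIGURE;"
        }
        $firstCpu = $lastCpu + 1   # the next instance starts after this one's last CPU
    }
}

# Constructed sample: an 8-CPU host split evenly between two instances.
$plan = New-SqlAffinityPlan -HostCpuCount 8 -CpusPerInstance ([ordered]@{
    'SQLCUSTA' = 4
    'SQLCUSTB' = 4
})
$plan | Format-List Instance, Cpus, Mask, TSql
```

Run each generated statement while connected to the instance it was planned for.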

Backup

The backup regimen will depend on the Service Level Agreement (SLA), but the baseline service is to ensure that both the data and the servers have backups so that in case of a disaster, the overall platform can be rebuilt rapidly.

Scope                     Frequency     Retention    Recommended Technology
SQL Server Data files     Daily         1 month      Scheduled SQL Backup
SQL Transactional Logs    Hourly (*)    1 week       Scheduled SQL Backup
Server OS                 Daily         1 month      SAN Backup (Snapshots)

(*) Not a typical service

For data-related backup, we recommend relying on SQL Server backup functionality. Typically, the database administrator will engineer the backup strategy.

Considering the ERP nature of Microsoft Dynamics NAV, it is recommended that you schedule backup as part of a daily maintenance plan that typically runs after business hours. See reference for an example of a backup strategy as part of the maintenance plan.

The Operating System backup process is greatly simplified if the overall platform storage is supported via a Storage Area Network (SAN) that provides snapshot backup functionality. This technology provides for rapid data block backup. Recent technologies are also capable of identifying the essential data to be backed up and stripping out redundant information (like Operating System binaries…).

In the rare case of a hardware failure, backing up the Operating System will allow you to restore the run time execution platform for Microsoft Dynamics NAV rapidly. This will allow you to avoid reinstalling Microsoft Dynamics NAV clients throughout the Terminal Server and having to reinstall all the different service tiers and database servers. Also, all the configurations of the users’ profile information will be preserved.

The service provider also needs to guarantee the protection of the backup media during the retention period and would typically have an offsite location to physically keep them safe.


Administration

Service provisioning

Building and managing a data center environment can rapidly become a complex undertaking that often requires system administrators to manage multiple servers. As a result, routine administrative tasks, which would be simple to accomplish in a small multiserver environment, become unmanageable across such a large number of servers. Tasks such as adding new users, updating directory entries, and provisioning application services across a large volume of servers are all manual administration tasks that do not scale easily.

In addition, customers of hosted services are now demanding service level agreements (SLAs), increased uptime and availability, and the ability to monitor and administer their own services. SLAs often incorporate metrics for service activation, service additions or modifications, user additions, and other similar changes. Designing and implementing a service provisioning solution into the data center makes it possible to automate routine administrative tasks that enable customers to manage their own resources, thus lowering overall operations costs.

Provisioning servers are typically third-party software. There is not currently any solution that provides out-of-the-box functionality to provision Microsoft Dynamics NAV. However, provisioning servers offer open APIs in order to develop specific tasks. In the context of Microsoft Dynamics NAV, this could include tasks such as provisioning a new database server instance and adding or removing users.

Control panels

Control panels are third-party software that sits on top of provisioning engines. Typically control panels provide a single, role-based self-management interface for reseller and company administrators, as well as service end-users. Users can access all the bulk resources or hosted services provisioned to them through a single interface. As new resources or services are added, they become accessible through the same interface.

This allows service providers, resellers, and even company administrators to delegate all common service-management tasks to the retail customers and the service end-users that they manage. The company administrator interface provides capabilities for managing end-user setup and support. And the service end-user interface exposes capabilities appropriate for managing personal accounts and service settings. In addition, each interface can be branded to reflect the service provider’s, reseller’s, or company’s corporate identity.


Platform infrastructure management

It is also essential to invest in a platform management tool that offers a single point of control for all servers, especially when virtualization is used. For instance, Microsoft System Center Virtual Machine Manager makes it possible to get more out of physical servers via simple and fast consolidation on a virtual infrastructure. It enables rapid provisioning of new virtual machines by the administrator using a self-service tool. Note that while considering a platform infrastructure management tool is not directly related to Microsoft Dynamics NAV, it is key for the hosting provider to manage the overall infrastructure.

Monitoring

Availability monitoring

Standard monitoring tools typically check the servers’ health in real time (%CPU, available memory, network connection losses) in order to ensure that the platform is in running order. However, they might not capture all the necessary events to guarantee Microsoft Dynamics NAV service. As a result, these should be extended to check the viability of specific processes that are vital to Microsoft Dynamics NAV, such as the SQL Engine and the Microsoft Dynamics NAV Service Tier processes. Typically, the hosting provider will have a third-party monitoring tool in place. This tool will most likely follow the Simple Network Management Protocol (SNMP). These alerts are vital for the hosting provider to honor the Service Level Agreement.

Proactive monitoring

It is also important to monitor the Microsoft Dynamics NAV Service Tier process memory consumption in order to prevent slow response or service interruption. Typically, an alert should be sent to a system administrator whenever the service tier memory consumption reaches 2Gb. If this threshold is frequently reached, it is recommended that you create a supplemental service tier and configure half the users to use the first service tier and the other half the second one.
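A check that covers both monitoring sections, as an added example that is not part of the original guide: it finds every Windows service whose image is the service tier executable, reports any that is not running, and raises a warning when a running one reaches the 2 GB threshold. Using private bytes as the memory measure is an assumption, and the sample records are constructed so the evaluation logic can be exercised on a machine without Microsoft Dynamics NAV.

```powershell
# Added example. One status record per service tier hosted on this server.
function Get-NavServiceTierStatus {
    Get-CimInstance Win32_Service -Filter "PathName LIKE '%Microsoft.Dynamics.Nav.Server.exe%'" |
        ForEach-Object {
            $memory = [long]0
            if ($_.ProcessId -gt 0) {
                $proc = Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue
                # Assumption: private bytes is the figure compared against the threshold.
                if ($proc) { $memory = $proc.PrivateMemorySize64 }
            }
            [pscustomobject]@{
                Name        = $_.Name
                State       = $_.State
                Account     = $_.StartName
                MemoryBytes = $memory
            }
        }
}

# Turns status records into alerts: Critical = availability, Warning = proactive.
function Test-NavServiceTier {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Tier,
        [long]$ThresholdBytes = 2GB
    )
    process {
        if ($Tier.State -ne 'Running') {
            [pscustomobject]@{
                Name     = $Tier.Name
                Severity = 'Critical'
                Reason   = "service state is '$($Tier.State)'"
            }
        }
        elseif ($Tier.MemoryBytes -ge $ThresholdBytes) {
            [pscustomobject]@{
                Name     = $Tier.Name
                Severity = 'Warning'
                Reason   = ('memory {0:N0} MB has reached the {1:N0} MB threshold' -f
                            ($Tier.MemoryBytes / 1MB), ($ThresholdBytes / 1MB))
            }
        }
    }
}

# Constructed sample records (service names follow the NAVServiceCustomer<X> pattern).
$sample = @(
    [pscustomobject]@{ Name = 'NAVServiceCustomerABC'; State = 'Running'; MemoryBytes = 900MB }
    [pscustomobject]@{ Name = 'NAVServiceCustomerDEF'; State = 'Running'; MemoryBytes = 2400MB }
    [pscustomobject]@{ Name = 'NAVServiceCustomerGHI'; State = 'Stopped'; MemoryBytes = 0 }
)
$sample | Test-NavServiceTier | Format-Table -AutoSize

# On a service tier server, evaluate the live services instead:
# Get-NavServiceTierStatus | Test-NavServiceTier
```

Scheduling the live pipeline and forwarding its output to the monitoring tool already in place gives one alert per customer service tier rather than one per server.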


Known issues

Time zone issue with RTC

The Terminal Server session running the RTC must be in the same time zone as the service tier server. With remote users, it is now possible for the users to be in a different time zone than the service tier. Until this issue is resolved, there are two workarounds:

• Set up one service tier server per supported time zone and configure user settings accordingly
• Elect a reference time zone for all users and disable time zone redirection group policies (see recommendation section)

Microsoft Dynamics NAV 2009 database can only run on SQL default instance

As of now, you cannot plan to run Microsoft Dynamics NAV 2009 on shared multi-instance SQL Servers because running a Microsoft Dynamics NAV 2009 database on a named instance is not supported.

RTC Client doesn’t work with Windows mandatory profiles

It is quite common to configure mandatory profiles in a Windows hosted environment. A mandatory user profile is a special type of pre-configured user profile that administrators can use to specify user settings. With mandatory user profiles, a user can modify his or her desktop. Profile changes are typically saved via logoff scripts, which offer more control of what needs to be saved or discarded between sessions. But RTC uses an encryption class in order to write the PersonalizationStore.xml file that cannot work with mandatory profiles.

In a hosting environment, RTC can work with a Roaming Profile. However, in this case, the system will not save the profile information in “Local Settings,” which is precisely where the ClientUserSettings.config is expected to be placed. The solution is to copy ClientUserSettings.config to the roaming user folder (%APPDATA%\) and to change the client shortcut by adding this argument: -settings:"%APPDATA%\ClientUserSettings.config"

Certain Language requires dedicated Terminal Server

If you plan to host Microsoft Dynamics NAV for global customers, it is possible to use more than one Microsoft Dynamics NAV client language on the same terminal server farm. This means you can, for example, run Microsoft Dynamics NAV in en_US and fr_CA from the same terminal server farm. However, certain languages, like Russian and Chinese, require configuration of the regional server settings to indicate the language for non-Unicode programs:

As this setting is at the server level and not at the user level, it is not possible to run other languages on this machine, so the server becomes dedicated to the users who need that language.


References

Terminal Services Gateway (TS Gateway)
http://technet.microsoft.com/en-us/library/cc731264.aspx

TS RemoteApp Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc730673.aspx

Locking down Windows Server 2003 Terminal Server sessions
http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdown.mspx

Microsoft Software + Services Incubation Center Hosting Partners
http://www.microsoft.com/serviceproviders/directory/saashostingpartners.mspx

Virtualization for Windows: A Technology Overview
http://download.microsoft.com/download/e/0/c/e0cf764d-c4b5-4681-a262dd0e9fe416af/MSVirtualizationOverview.docx

Multiple Service Tiers
http://blogs.msdn.com/freddyk/archive/2008/10/29/multiple-service-tiers.aspx

Memory Support and Windows Operating Systems
http://www.microsoft.com/whdc/system/platform/server/PAE/PAEmem.mspx

Database Maintenance Plans and Backup File Management in SQL Server 2005
http://www.mssqltips.com/tip.asp?tip=1094

Microsoft server software and supported virtualization environments
http://support.microsoft.com/?kbid=957006


Microsoft Dynamics is a line of integrated, adaptable business management solutions that enables you and your people to make business decisions with greater confidence. Microsoft Dynamics works like and with familiar Microsoft software, automating and streamlining financial, customer relationship, and supply chain processes in a way that helps you drive business success. U.S. and Canada Toll Free (888) 477-7989 Worldwide (1) (701) 281-6500 www.microsoft.com/dynamics The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, this document should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2008 Microsoft Corporation. All rights reserved. 
Microsoft, Microsoft Dynamics, and the Microsoft Dynamics logo are trademarks of the Microsoft group of companies.
