|
Home > Archive > Commerce Server Solution Sites > February 2004 > Do Solution Sites work on SQL Server 2000 Std Ed?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Do Solution Sites work on SQL Server 2000 Std Ed?
|
|
|
|
| Ryan Ross 2004-02-07, 9:39 am |
| You need SQL 2000 Enterprise Edition. The reason for this: only the
Enterprise Edition can use ssl (https). You need ssl for credit card
numbers, user data, etc. It encrypts the data.
If you want to evaluate CS2002, and have a working SQL2000 Standard Edition
server already up, and you do not want to download the SQL2000 Evaluation
Edition (which is a timebombed enterprise edition)...then you can use it.
But if you want to develop or actually use a solution site or your own site,
you need SQL 2000 Enterprise Edition.
Cheers,
Ryan
"Martin" <x@y.z> wrote in message
news:O6CQq252DHA.2548@tk2msftngp13.phx.gbl...
> I see the Commerce 2002 install notes at
>
http://www.microsoft.com/commercese...eb_install_iskk
> say I need SQL Server Ent Ed, but I thought I'd heard otherwise. Can
> someone elaborate?
>
>
> Thanks
> Martin
>
>
| |
| Martin 2004-02-07, 9:39 am |
| Hi Ryan,
Are you saying
1) the cards are encyrpted in transit to the database (ie over https)
2) when they are stored in the database
3) or both?
I don't believe I need https between commerce server and sql server as they
are on a private (secure) LAN
I guess I there are other ways to secure data stored in SQL - SSL uses
session based symmetric keys (plus asymmetric to share the secret key)
Is the use of SSL hard coded in the the commerce server components, or can I
program round it?
I've been using the eval stuff, but it has now expired and it's decision
time on the purchase.
Thanks alot
Martin
"Ryan Ross" <ryanr@nni.com> wrote in message
news:100gie9qtbspnef@corp.supernews.com...
> You need SQL 2000 Enterprise Edition. The reason for this: only the
> Enterprise Edition can use ssl (https). You need ssl for credit card
> numbers, user data, etc. It encrypts the data.
>
> If you want to evaluate CS2002, and have a working SQL2000 Standard
Edition
> server already up, and you do not want to download the SQL2000 Evaluation
> Edition (which is a timebombed enterprise edition)...then you can use it.
> But if you want to develop or actually use a solution site or your own
site,
> you need SQL 2000 Enterprise Edition.
>
> Cheers,
> Ryan
>
>
> "Martin" <x@y.z> wrote in message
> news:O6CQq252DHA.2548@tk2msftngp13.phx.gbl...
>
http://www.microsoft.com/commercese...eb_install_iskk
>
>
| |
| Ryan Ross 2004-02-07, 9:39 am |
| To answer your questions: 1.) the cards are encrypted in transit to the
database (ie over https).
However, for some compatibility reasons I cannot remember, you need SQL
Enterprise for https. You cannot dodge this bullet.
The data stored on the SQL server is not encrypted.
Commerce Server and SQL Server (when not on the same machine) talk to each
other by way of Active Directory. Security is provided by Windows Integrated
Security.
Everyone uses the same setup as you describe. Commerce Server, IIS frontend
/ SQL, AD backend, on the same LAN (configs may differ slightly i.e.
Exchange Servers, CMS Servers, redudant servers, multiple tiers).
You could conceivably code around it, but it's not worth it. $1000 price
difference between SQL Standard and Enterprise is nothing. If your
purchasing authority is having any trouble understanding that, tell them to
give me a call. Flouting a web standard (https) for customer safety to save
a $1000 does not compare to 1.) the amount of time and money you will spend
writing something even comparable, and 2.) the warm feeling a customer gets
when they see that golden lock at the bottom of their screen, letting them
know that their CC number is safe, and the company behind the website knows
what they are doing.
God help your company if your credit card company gets wind of y'all using a
website without SSL. Your rates will go up...a lot.
For purchasing CS 2002, and all the software and hardware that goes with it
(assuming you do not have any of it already), the cost runs about $30K
(simple setup). I built our servers myself (custom Dual Athlon MP 2800+, 2
GB ECC ram, RAID array, UPS battery backup, lots of goodies).
You will need anywhere from a DSL (1.5/1.5) to T-1 on upwards for the
servers. That costs a bit. If you already have programmers or you are doing
it yourself, good start. If not, remember to budget them in. A CS programmer
tends to carry a premium (in my observation) over a standard (green)
programmer. If you start with a green, it will take a few months (typically)
for him/her/them to familiarize with the system.
Is it worth it? Yes. If your company already brings in more than a million
in revenue, it is a very Good Idea T. Remember, IT does not usually bring in
money by itself. Having a large IT department does not mean large revenues,
the way a large Sales department might. IT is a force multiplier.
Large IT (70 people) * no Sales (0 people) = $0.
Large IT (70 people) * Small Sales (1 person) = $1
Small IT (1 person) * Large Sales (30 people) = $30.
Medium IT (20 people) * Medium Sales (20 people) = $400.
It actually scales better than this (last one should be more like $4,000).
Hmm...probably confused you, but you might understand. You need one IT
person (coder, admin, support, whatever) for every three sales people. More
than that, and too much traffic will be pushed through sales, slowing the
whole system. Less than that, and you are not fully using the system. There
are exceptions and variations, but the typical company plan follows the
above.
Commerce Server is a very mature E-Commerce platform, very easy to code
with, and the Solution Sites (particulary Retail 2002), when all the bugs
have been eliminated, is lovely. Dell uses CS 2002 (all the way from Site
Server 3.0, a long time ago), and is an excellent example of when technology
is used properly.
Anyway, good luck, and I hope I did not confuse you,
Ryan Ross
E-Commerce Developer
"Martin" <x@y.z> wrote in message
news:uej9VXP3DHA.1392@TK2MSFTNGP11.phx.gbl...
> Hi Ryan,
>
> Are you saying
> 1) the cards are encyrpted in transit to the database (ie over https)
> 2) when they are stored in the database
> 3) or both?
>
> I don't believe I need https between commerce server and sql server as
they
> are on a private (secure) LAN
> I guess I there are other ways to secure data stored in SQL - SSL uses
> session based symmetric keys (plus asymmetric to share the secret key)
>
> Is the use of SSL hard coded in the the commerce server components, or can
I
> program round it?
>
> I've been using the eval stuff, but it has now expired and it's decision
> time on the purchase.
>
> Thanks alot
> Martin
>
> "Ryan Ross" <ryanr@nni.com> wrote in message
> news:100gie9qtbspnef@corp.supernews.com...
> Edition
Evaluation[color=blue]
it.[color=blue]
> site,
>
http://www.microsoft.com/commercese...eb_install_iskk
>
>
| |
| Ryan Ross 2004-02-07, 9:39 am |
| Whoops. I mean they are encrypted in transit from the client's computer to
the webserver (Commerce Server).
"Ryan Ross" <ryanr@nni.com> wrote in message
news:100jq9mghnvtcf@corp.supernews.com...
> To answer your questions: 1.) the cards are encrypted in transit to the
> database (ie over https).
>
> However, for some compatibility reasons I cannot remember, you need SQL
> Enterprise for https. You cannot dodge this bullet.
>
> The data stored on the SQL server is not encrypted.
>
> Commerce Server and SQL Server (when not on the same machine) talk to each
> other by way of Active Directory. Security is provided by Windows
Integrated
> Security.
>
> Everyone uses the same setup as you describe. Commerce Server, IIS
frontend
> / SQL, AD backend, on the same LAN (configs may differ slightly i.e.
> Exchange Servers, CMS Servers, redudant servers, multiple tiers).
>
> You could conceivably code around it, but it's not worth it. $1000 price
> difference between SQL Standard and Enterprise is nothing. If your
> purchasing authority is having any trouble understanding that, tell them
to
> give me a call. Flouting a web standard (https) for customer safety to
save
> a $1000 does not compare to 1.) the amount of time and money you will
spend
> writing something even comparable, and 2.) the warm feeling a customer
gets
> when they see that golden lock at the bottom of their screen, letting them
> know that their CC number is safe, and the company behind the website
knows
> what they are doing.
>
> God help your company if your credit card company gets wind of y'all using
a
> website without SSL. Your rates will go up...a lot.
>
> For purchasing CS 2002, and all the software and hardware that goes with
it
> (assuming you do not have any of it already), the cost runs about $30K
> (simple setup). I built our servers myself (custom Dual Athlon MP 2800+, 2
> GB ECC ram, RAID array, UPS battery backup, lots of goodies).
>
> You will need anywhere from a DSL (1.5/1.5) to T-1 on upwards for the
> servers. That costs a bit. If you already have programmers or you are
doing
> it yourself, good start. If not, remember to budget them in. A CS
programmer
> tends to carry a premium (in my observation) over a standard (green)
> programmer. If you start with a green, it will take a few months
(typically)
> for him/her/them to familiarize with the system.
>
> Is it worth it? Yes. If your company already brings in more than a million
> in revenue, it is a very Good Idea T. Remember, IT does not usually bring
in
> money by itself. Having a large IT department does not mean large
revenues,
> the way a large Sales department might. IT is a force multiplier.
>
> Large IT (70 people) * no Sales (0 people) = $0.
> Large IT (70 people) * Small Sales (1 person) = $1
> Small IT (1 person) * Large Sales (30 people) = $30.
> Medium IT (20 people) * Medium Sales (20 people) = $400.
>
> It actually scales better than this (last one should be more like $4,000).
> Hmm...probably confused you, but you might understand. You need one IT
> person (coder, admin, support, whatever) for every three sales people.
More
> than that, and too much traffic will be pushed through sales, slowing the
> whole system. Less than that, and you are not fully using the system.
There
> are exceptions and variations, but the typical company plan follows the
> above.
>
> Commerce Server is a very mature E-Commerce platform, very easy to code
> with, and the Solution Sites (particulary Retail 2002), when all the bugs
> have been eliminated, is lovely. Dell uses CS 2002 (all the way from Site
> Server 3.0, a long time ago), and is an excellent example of when
technology
> is used properly.
>
> Anyway, good luck, and I hope I did not confuse you,
>
> Ryan Ross
> E-Commerce Developer
>
>
>
> "Martin" <x@y.z> wrote in message
> news:uej9VXP3DHA.1392@TK2MSFTNGP11.phx.gbl...
> they
can[color=blue]
> I
> Evaluation
> it.
>
http://www.microsoft.com/commercese...eb_install_iskk
Can[color=blue]
>
>
| |
| Martin 2004-02-07, 9:39 am |
| Hi Ryan,
I didn't realise the costs between Ent Ed and Std Ed of SQL Server 2000 were
so close - I must check this again. - If so there I agree - there is no
issue.
As you say, this is not an issue of ssl from the web server to the browser,
but comms between commerce and sql server. I'm not sure what that channel
is - can you clarify?
Thanks again
Martin
"Ryan Ross" <ryanr@nni.com> wrote in message
news:100jqrve516k4ea@corp.supernews.com...
> Whoops. I mean they are encrypted in transit from the client's computer to
> the webserver (Commerce Server).
>
>
> "Ryan Ross" <ryanr@nni.com> wrote in message
> news:100jq9mghnvtcf@corp.supernews.com...
each[color=blue]
> Integrated
> frontend
> to
> save
> spend
> gets
them[color=blue]
> knows
using[color=blue]
> a
> it
2[color=blue]
> doing
> programmer
> (typically)
million[color=blue]
bring[color=blue]
> in
> revenues,
$4,000).[color=blue]
> More
the[color=blue]
> There
bugs[color=blue]
Site[color=blue]
> technology
> can
decision[color=blue]
use[color=blue]
own[color=blue]
>
http://www.microsoft.com/commercese...eb_install_iskk
> Can
>
>
| |
| Ryan Ross 2004-02-07, 9:39 am |
| Prices depend on your liscensing model. Certain ways are more expensive than
others.
Might be https. I'll have to double check.
Blast, I read a post a while back detailing why you wanted Enterprise over
Standard. Something about XML and https...I'll try to locate it.
Ryan
"Martin" <x@y.z> wrote in message
news:uRhaK7f3DHA.540@tk2msftngp13.phx.gbl...
> Hi Ryan,
>
> I didn't realise the costs between Ent Ed and Std Ed of SQL Server 2000
were
> so close - I must check this again. - If so there I agree - there is no
> issue.
>
> As you say, this is not an issue of ssl from the web server to the
browser,
> but comms between commerce and sql server. I'm not sure what that channel
> is - can you clarify?
>
> Thanks again
> Martin
>
> "Ryan Ross" <ryanr@nni.com> wrote in message
> news:100jqrve516k4ea@corp.supernews.com...
to[color=blue]
the[color=blue]
SQL[color=blue]
> each
price[color=blue]
them[color=blue]
> them
> using
with[color=blue]
2800+,[color=blue]
> 2
> million
> bring
> $4,000).
> the
the[color=blue]
code[color=blue]
> bugs
> Site
https)[color=blue]
as[color=blue]
uses[color=blue]
key)[color=blue]
or[color=blue]
> decision
the[color=blue]
card[color=blue]
Standard[color=blue]
> use
> own
>
http://www.microsoft.com/commercese...eb_install_iskk
>
>
| |
| Martin 2004-02-07, 9:39 am |
| There is a big price difference between std and ent editions of sql server
2000 - so I really need to get this resolved.
Microsoft - can you please answer my question - do I (& why do I) need sql
server enterprise edition for the retail solution site?
Thank you
Martin
"Ryan Ross" <ryanr@nni.com> wrote in message
news:100mdq5jb6hkgcc@corp.supernews.com...
> Prices depend on your liscensing model. Certain ways are more expensive
than
> others.
>
> Might be https. I'll have to double check.
>
> Blast, I read a post a while back detailing why you wanted Enterprise over
> Standard. Something about XML and https...I'll try to locate it.
>
> Ryan
>
>
> "Martin" <x@y.z> wrote in message
> news:uRhaK7f3DHA.540@tk2msftngp13.phx.gbl...
> were
> browser,
channel[color=blue]
computer[color=blue]
> to
> the
> SQL
to[color=blue]
> price
> them
to[color=blue]
will[color=blue]
customer[color=blue]
letting[color=blue]
website[color=blue]
> with
$30K[color=blue]
> 2800+,
the[color=blue]
are[color=blue]
IT[color=blue]
people.[color=blue]
slowing[color=blue]
system.[color=blue]
> the
> code
> https)
server[color=blue]
> as
> uses
> key)
components,[color=blue]
> or
> the
> card
> Standard
can[color=blue]
your[color=blue]
>
http://www.microsoft.com/commercese...eb_install_iskk
otherwise.[color=blue]
>
>
| |
| James Walters [MSFT] 2004-02-07, 9:39 am |
| You can use Standard Edition if you would like to. The main function you
will loose as far as CS2002 is concerned is advanced Datawarehousing
features.
Thanks
James
This posting is provided "AS IS" with no warranties, and confers no rights.
EBusiness Server Team
| |
| Martin 2004-02-07, 9:39 am |
| Thanks
Martin
"James Walters [MSFT]" <jamesw@online.nospam.microsoft.com> wrote in message
news:bvdXp3t3DHA.3648@cpmsftngxa07.phx.gbl...
> You can use Standard Edition if you would like to. The main function you
> will loose as far as CS2002 is concerned is advanced Datawarehousing
> features.
>
> Thanks
>
> James
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> EBusiness Server Team
|
|
|
|
|