Designing a logical network architecture is the first step in the implementation of a secure perimeter network. The next step is to transform this architecture into a physical implementation. Doing so without guidance might be complicated for most systems administrators. But help is available, and what's even better is that it's free: A special unit at Microsoft has taken on the job of providing guidance in Microsoft product implementation. The Microsoft Systems Architecture (MSA) group began producing complex architectural designs for Microsoft technologies with the arrival of Windows 2000. Version one of the MSA wasn't ready for prime time so it was never released. The first public release of MSA was version 1.5. It was separated into two complete architectures: the Internet Data Center and later, the Enterprise Data Center. With the coming of Windows Server 2003, the MSA group released 2.0, a comprehensive unified infrastructure architecture for the use of Microsoft server and client products.

According to Jeff James, lead program manager with the MSA team, Microsoft decided to unify the Internet and Enterprise Data Centers in 2.0 because it better reflects real-life scenarios. James has been working with MSA since the first version and is excited about the new release. "By configuring our products in real-life scenarios, we can ensure that everything works as it should," James says. "This makes sure that products work as advertised, and if they don't, it allows us to provide valuable feedback to the product development teams." In a way, the MSA group acts as a quality assurance team for Microsoft. By documenting configurations that customers can be expected to use, they test almost every aspect of the released version of each product.

For customers, MSA 2.0 is a goldmine. That's because it describes the complete configuration of a Windows-based network in a typical implementation scenario. It documents two architecture levels. The first is a reference architecture that includes both architecture and service blueprints. The second is an implementation kit that includes three guides: planning, build, and operations. MSA 2.0 coverage includes the design of a corporate data center, branch offices, departmental networks, extranet configurations, and Internet data center configuration—most everything anyone needs to securely configure his or her Windows network. Because it was released shortly after Windows Server 2003, MSA 2.0 doesn't include updates for new products such as ISA Server 2004.

According to James, special MSA 2.0 updates will be released later. You can expect them about one month after the official release of any Windows Server System product. "While we prepare the initial architecture with beta software, we scrap everything and reconfigure and retest with final release code," James says. "This is because we document real life and that has to be based on final code."

James is already working on 3.0. This version will be based on a fictional company, Woodgrove Bank, and will provide secure infrastructure design. But don't hold your breath. According to James, 2.0 should be good for the next few years, especially with the planned updates. See for yourself. You can obtain the MSA from the Microsoft Web site (see Resources). This will give you access to all MSA documents. But if you prefer, you can also order a CD version of MSA 2.0 (see Resources). The advantage of the CD version is that it includes a graphical table of contents that lets you point and click to network components to access appropriate documentation. In many ways, the graphical map provides much better information than the documentation alone. Either way, the MSA is an invaluable tool that should be on every system administrator's desk.