Knowledge Base
Knowledge Base
Knowledge Base
Knowledge Base
| Home | RDP Sales | Contact Us | Training |
|
| RDP Support | ||||
|
RDPWin Knowledge Base |
RDP-DOS Knowledge Base |
IRM and IRM.Net Knowledge Base |
Crystal Knowledge Base |
|
This document outlines the hardware and software requirements for the Internet Reservation Module (IRM). The IRM must be installed on a Windows 2003 or 2008 Standard Edition server at the property, which in turn accesses your data server to provide true last room availability. All reservations are stored immediately on your data server, just as if they were typed in on a workstation at the property. Topics covered in this document include:
| IRM Hardware Topics in this document include: | |
|---|---|
RDP's Internet Reservation Module is designed to run on Microsoft Windows 2003 or 2008 Server. Older versions of Windows, such as Windows 2000, NT, or Windows XP professional are not supported. No other software should be installed on the IRM server, such as accounting systems, small business server, etc. The IRM is designed as a stand alone application.
For more information, see IRM Installation Directions.
| Minimum Internet Reservation Module (IRM) Server Configuration |
|---|
|
RDP's recommendation is to install the IRM on a separate computer running Windows 2003 or 2008 server, which we call the "IRM Bridge Server." When a guest, travel agent, group, or owner accesses rates and availability, they connect to the IRM bridge server, which in turn accesses your data from the data server. All IRM reservations, as well as normal internal reservations, are stored immediately in the same database on the data server.
Remember to backup the C:\Inetpub directory every day on the IRM server to avoid losing important files and pictures. See Backup for more details.
The design of having your data on one server/workstation ("data server") and a separate Windows 2003 or 2008 bridge server for the IRM improves security. While there is a great deal of security already provided by Microsoft operating systems and a firewall, it may still be possible for a sophisticated person to "hack into" the IRM server. With a separate IRM server, there is no data stored on the IRM. This "hacker" cannot view or damage data on the IRM, because there is no data on the IRM: it's all on the data server.
RDP has now installed over 300 IRM systems on separate servers. To date, there has not been a single occurrence of a hacker viewing any data or damaging any data in this environment!
The remainder of this document assumes the installation of the IRM on a separate Windows 2003 server.
The IRM Bridge Server must be accessible to Internet browsers 24-hours per day, 365-days a year. This Internet connection is normally maintained through an Internet Service Provider (ISP). Contact your ISP for Internet connection options. The minimum connection speed is 384K dedicated to the IRM*. Higher connection speeds are required, depending on the anticipated number of simultaneous users. Additionally, if a large number of pictures and graphics are used, a higher connection speed is required. Possible connection types include DSK, T1, Microwave, Frame Relay, ISDN, etc. Please contact RDP Sales for configuration assistance for large sites.
*Ideally, a separate Internet connection with a separate firewall should be installed and dedicated to the IRM. This assures that the entire bandwidth is available for Internet guests at all times. If the IRM is sharing an internet connection with the rest of the property, it is possible the performance of the IRM will be slow during periods of peak usage. The IRM can generate a tremendous amount of revenue for the property and is well worth the investment of a dedicated internet connection running at 384KB or higher.
It is important to test your Internet connection for performance. Please see Testing the performance of the IRM Connection.
IRM.Net does have some limitations when dealing with web browsers. Since there are so many different browsers with so many different capabilities, add-ons, and limitations, IRM.Net is only designed to work with and is tested with the following Internet browsers: Microsoft's Internet Explorer and Mozilla's Firefox. Netscape is no longer supported by AOL, so while the IRM.Net works on the most recent versions of Netscape, RDP cannot guarantee the IRM.Net to continue to work with Netscape.
In order to install and support the IRM, RDP support personnel must be able to access the IRM Bridge Server via the Internet. This is accomplished using Windows 2003 Terminal Services software, which is included at no additional charge with Windows 2003 server. The firewall must be configured to open port 3389 and redirect it to the IRM Bridge Server to allow Terminal Services traffic from RDP Support.
To install and support the IRM, RDP support needs to know the password to the administrator account on the IRM bridge server and the RDP Data Server.
RDP has designed the Internet Reservation Module to be extremely secure. Since 1999, RDP has installed over 300 IRM systems, and we have never had a "hacker intrusion" to the RDP data Server. This high level of security has been accomplished as follows:
| Stand Alone Firewall |
The IRM requires the installation of a
"stand alone" firewall, which is designed to stop hackers from breaking into your
network. "Stand alone" means a separate physical
firewall box. No firewall software can be installed on the
RDP Data Server or IRM Server.
Most firewalls, when first installed, prevent all access to any workstation or server on your network from the outside. The firewall is then opened for specific machines, and specific ports on those machines, to the outside world. Normally, only the IRM bridge server is opened, and only on a few ports. The firewall therefore stops all outside access to all other machines, such as the RDP Data Server. |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Ports to Open | On the firewall the following ports must
be open for the IRM bridge Server:
A physical firewall is required to secure the IRM.net from viruses and other attacks. The external IP address must be redirected to the internal address of the IRM.net Bridge for ports 80, 443, and 3389. Additionally, the firewall must be open to allow outgoing Email from the SMTP server installed on the IRM.net bridge on port 25. Do not, under any conditions, assign the external IP address directly to the IRM.net, as this creates a security loophole and also prevents proper communication from the IRM.net to the data server.
|
||||||||||
| Only One Network Card in Data Server and IRM Server |
There can be only one network card
installed in the IRM Bridge Computer and data server. These should be
standard Ethernet
100MB card (or faster). Both the IRM Bridge Server and the data
server must be connected to the same hub or
switch, since a great deal of data is passed between the
IRM bridge server and the data server.
Do not install a separate network card in the IRM Bridge server or the data server that connects directly to the internet router. Both the IRM bridge computer and the RDP data server must be "behind" the stand alone firewall. IP address redirection of ports 80, 443, 3389 should be set up to the IRM bridge server. See "ports to open" above. A diagram appears at the end of this document. |
||||||||||
| No DMZ allowed | The IRM Bridge server cannot be placed in a "DMZ"
(De-militarized zone), because an enormous amount of data must pass
between the IRM bridge server and the RDP Data server. A DMZ is
designed to stop this communication. If the IRM is installed
in a DMZ, it will not work. The communication with the Pervasive
database on the data server is stopped by the DMZ.
The IRM is very secure without a DMZ. With over 300 installations, RDP has not yet had a single security breech to the data server from the IRM Bridge server. |
||||||||||
| Dedicated IRM Bridge Server | RDP requires a dedicated IRM Bridge Server. This server acts as a "Bridge" to your data server, and provides a tremendous amount of additional security. All guest data (such as reservations, credit card information, and addresses) is stored on the data server, which is protected by the firewall. | ||||||||||
| Virus Protection | RDP requires the installation of virus protection software on the IRM and data server, which provides another level of security. Norton Anti-Virus for an IRM Server costs less than $100. | ||||||||||
| Windows Security | Microsoft has spent millions of dollars to provide a tremendous amount of security as part of Windows 2003. If somehow a hacker was able to get through the firewall, and through the dedicated IRM Bridge, and then through the virus protection software, he/she would still have to overcome Microsoft Security. While this may be possible in theory, it has not occurred in over 300 installations. | ||||||||||
| Security Certificate (Data Encrypted) |
RDP suggests using a Security Certificate when processing credit card transactions online with the IRM. Security Certificates insure that passwords and credit card information are encrypted and secure over the Internet connection. A Security Certificate must be purchased annually from a Certificate Authority. The IRM will use Secure Socket Layer (SSL) for encrypting data on the IRM Bridge Server. There are a number of companies that provide the certificate, including:
|
The IRM contains many HTML files that can be modified by the customer, including:
All HTML files can be modified with any HTML editor. It is not possible for RDP support to learn all the different HTML editors, so we require using Microsoft Front Page, with which we are very familiar.
The Internet reservation module can have a wide variety of pictures to make the site much more appealing to the guest. A picture editor is needed to reformat pictures to the correct size for the IRM. While a variety of picture editing software might work, RDP support is familiar with Paint Shop Pro. If you would like help from RDP support with picture reformatting you must use Paint Shop Pro Version 8 or higher, which is available at a nominal cost from www.jasc.com.
| Item | Explanation | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Anti-Virus Software | Anti-virus software should be installed on the RDP data server, IRM server, and all
workstations. It is critical to configure the auto-protected mode of
all anti-virus software to scan local drives only. If anti-virus
software is set to scan network drives, all network based software such as
RDP will run slowly. See Do Not Scan Network Drives with Anti-virus Software. |
||||||||||||||
| Router | A router connects your firewall to the Internet. For security reasons, it is critical to always connect the router to a firewall and not directly to a network card in any server or workstation. | ||||||||||||||
| Firewall | A firewall provides security when an internal network is connected to the Internet. The
firewall must be a physically separate device (a "stand alone" firewall).
RDP software does not work with firewall software installed on the RDP data server or the
IRM Bridge Server. The firewall must be capable of "address redirection."
For example, the external IP address of 65.38.150.5 will be redirected to the internal
address of the IRM server (10.0.0.4 in this example). See Linking Options From Your Marketing Website to the IRM and IRM.net. |
||||||||||||||
| Firewall Ports to Open DMZ setup for IRM Ports for Netmeeting |
A physical firewall is required to secure the IRM from viruses and other attacks. The
external IP address must be redirected to the internal address of the IRM Bridge for Ports 80,
443, and 3389. Additionally, the firewall must be open to allow outgoing e-mail from the
SMTP server installed on the IRM bridge on Port 25. Do not, under any conditions, assign
the external IP address directly to the IRM, as this creates a security loophole and also
prevents proper communication from the IRM to the data server.
|
||||||||||||||
| Switch or Hub | All workstations are connected to a hub or switch which must be a minimum of 100 megabits. The RDP data server and IRM bridge server must be connected to the same hub or switch. Ideally, all workstations that access RDP should be connected to the same hub or switch as the data server. Multiple hubs or switches may be installed for larger installations. Regardless of how many hubs or switches are used, all workstations that access the RDP data server must be on the same subnet. | ||||||||||||||
| Same Subnet and Domain |
The RDP data server, IRM bridge server, and all workstations that access RDP must be on the same subnet and in the same domain. For example, if the IP address assigned to the data server is 10.0.0.3, then the IRM bridge server and all workstations should have an internal IP address of 10.0.0.x, where x can range from 1-254. The "Subnet mask" on all computers would be 255.255.255.0. | ||||||||||||||
| One and Only One Network Card |
The RDP data server, IRM bridge server, and all workstations that access RDP should have one, and only one, network card. When more than one network card is installed, various communication problems result. | ||||||||||||||
| Workstations | RDP supports Windows XP Professional or Windows Vista workstations. | ||||||||||||||
| Data Server Domain Controller or Peer-to-Peer |
RDP is installed in a Windows 2003 "Active Directory"
environment or "Peer-to-Peer". For most
installations, the RDP Windows 2003 or 2008 data server also serves as the domain
controller. However, if there is already a Windows 2003 or 2008 domain
controller, the RDP data server can be a member server of the existing domain.
If there are other applications that require a Windows 2003 or 2008 server, RDP suggests placing them on another Windows 2003 or 2008 server, not the RDP data server or IRM bridge server. This maximizes performance and reduces conflicts. The RDP data server, IRM bridge server, and all workstations that access RDP must be members of the same domain. In peer-to-peer environments, they must all be part of the same workgroup. See Details on Installation of RDP 2003 Data Server Installation |
||||||||||||||
| IRM Server | The Internet Reservation Module
(IRM) is an optional product from RDP and requires
a separate Windows 2003 or 2008 server. This server is installed as a member
server to the domain that contains the RDP data server. In
peer-to-peer environments the IRM server must be in the same workgroup as
the Data Server. All rates,
availability, and reservations are stored on the data server. Do NOT
install active directory, or other applications, on the IRM Server.
Windows Small Business server or Windows XP Professional may not me used
for the IRM Server - it must use Windows 2003 or 2008 server. See IRM Server Installation. |
||||||||||||||
| IRM Security | Security with the IRM has proven excellent and is divided into the following areas:
|
||||||||||||||
| Outgoing SMTP E-mail Server Required |
RDP sends e-mails to guests, owners, groups, travel agents, and others from the IRM and
our RDPWin product. See Installation of Outgoing SMTP E-mail Server and RDP E-mail Marketing for more detail. |
| Home | RDPWin | RDP-DOS | IRM/IRM.Net | Open A Web Support Ticket |
|---|---|---|---|---|
|
Version 2.xxx | Upgrade to RDPWin | Link to Marketing Site | Contact Us |
| Training | Vendor Interfaces | Troubleshooting | RDP Sales Website |
