Venice
DCOM
Introduction
 
DCOM (= Distributed COM) makes it possible to create COM objects on a remote computer.

This can be useful if it is not desired to activate Venice on the client computer that needs access to COM objects.
Another reason to use DCOM is for security issues. For instance, it is not desirable to give the Internet Server access to the server hosting the Venice database via share names. With the use of DCOM, this can be prevented.

DCOM communicates via RPC (= Remote Procedure Calls) between the client and the server. When the client requests the creation of a COM object, the object is created on the remote server which has access to Venice locally and can have all the necessary rights, even if the client computer has no file permission rights on the server!

Note that DCOM is not an ideal solution for an environment with high (network) latency since you incur the latency time twice for each Venice SDK call. In such cases an alternative approach is to write your own host application to group several Venice SDK interface calls and expose this as a higher level interface with fewer calls over the network. This may or may not involve the use of DCOM.
This same basic concept is also applicable if you need features beyond those that DCOM provides, such as accessing the SDK from 2 computers that are not in the same network domain (DCOM does not work for cross-domain access)
 
Setting up DCOM
 
On the domain controller
   
 
All domain users who will be using DCOM must be made a member of the security group 'Distributed COM Users'.
Create a new domain user (e.g. ClSdkUser) and make him member of the 'Distributed COM Users'.
   
On the Venice server
   
 
Registration of the Exact Venice SDK
 
 Install Venice on the server
This will register the SDK automatically.
 
If you want to use the Exact Venice SDK on the console of this server with automatic logon
 
Log on in Windows as the user who will create COM objects
From the Main Manu choose application button - Preferences – Configuration - Development Kit
Select 'Allow automatic logon' and enter a Venice logon name
Choose the language
   
Create the Exact Venice SDK COM+ application
 
Start the program 'Component Services' (DCOMCNFG.EXE)
In the tree, expand 'Component Services' - 'Computers' – 'My Computer'
Select 'COM+ Applications'
Right click and choose 'New' – 'Application'
In the 'Application Install Wizard'...
 
Choose 'Next'
Choose 'Create an empty application'
Enter the name 'ClSdk Remote Server' and choose 'Server application' and click 'Next'
On the 'Application Identity' page, choose 'Local Service' and click 'Next'
On the 'Add Applications Roles' and 'Add Users to Roles' pages click 'Next', then 'Finish'
In the tree, select the newly created application (ClSdk Remote Server)
Right click and choose 'Properties'
On the Properties dialog...
 
On the 'Security' tab, clear the check box 'Enforce access checks for this application'
Choose 'Connect' in the combo box 'Authentication Level for Calls'
Choose 'Identify' in the combo box 'Impersonation Level'
If the server is accessed by other computers than an internet server, select the 'Identity' tab.
Check 'This User' and enter the name and password of the newly created SDK user (e.g. ClSdkUser).
Click OK
In the tree again, expand the newly created application and highlight 'Components'
Right click and choose 'New' – 'Component'
On the wizard page...
 
Click 'Next'
Choose 'Install new component(s)'
Choose ClSdk.tlb and  ClSdk. dll which are located in <Venice System>\Bin
On the following page, all interfaces are listed. Click 'Next', then 'Finish'
   
Create the Exact Venice SDK application proxy
 
In the tree of the Component Services, select the application 'ClSdk Remote Server'
Right click and choose 'Export'
In the 'Application Export Wizard'...
 
Click 'Next'
Enter the full path and filename of the proxy (msi-file), preferably '<Venice System>\SDK\ClSdkProxy.msi'
Select the 'Application proxy' radio button
Click 'Next' (this can take a while) and 'Finish'
   
Edit and Import registry file
 
If automatic logon is required, edit 'ClSdkLM.reg' which is located in <Venice System>\SDK and change the user name
Import the registry file in the registry by double clicking it
   
Check NTFS permissions
Check in Windows Explorer that the COM+ Identity (LOCAL SERVICE or the ClSdk user) has the following NTFS permissions:
 
'Read & Execute' rights in C:\Pvsw (the database engine directory) and subdirectories
'Modify' rights in <Venice Root> and its subdirectories
   
On the client computers
 
Prepare the Exact Venice SDK directory
 
Create a directory for the Exact Venice SDK
Copy the content from <Venice System>\SDK on the server to this directory
If you exported the application proxy 'ClSdkProxy.msi' to another directory than <Venice System>\SDK on the server in a previous step, do not forget to copy that file too.
   
Install the application proxy
 
Start 'Component Services' (DCOMCNFG.EXE)
In the tree Expand 'Component Services' - 'Computers' – 'My Computer'
Select 'COM+ Applications'
Right click and choose 'New' – 'Application'
On the wizard page...
 
Click 'Next' and choose 'Install pre-built application(s)'
Locate 'ClSdkProxy.msi', select it and click 'Open'
On the 'Select Application Files' page click 'Next'
On the 'Application Installation Options' page choose 'Specific directory'
Select the local directory (on the client) where 'ClSdkProxy.msi' is located and click 'Next'
Click 'Finish'
In the tree, under 'COM+ applications', select 'ClSdk Remote Server'
Right click and choose 'Properties'
On the 'Properties' dialog...
 
Select the 'Activation' tab
Verify that the 'Remote Server Name' is the name of the Venice server
Exit the properties dialog
   
If the client computer is an internet server...
 
If the server will create Exact Venice SDK COM objects from ASP-pages, you must change the anonymous user in IIS (Internet Information Server)'.
IIS uses by default the user IUSR_<Computer Name> (e.g. IUSR_INETSERVER) for anonymous access. Since this user is a local user (not a domain user), he cannot access a COM+ application on another server. Therefore, the special DCOM user (e.g. ClSdkUser) must be used for anonymous access on pages creating COM objects.
Start 'Computer Management' that can be found under 'Administrative Tools'
In the tree, expand 'Services and Applications' - 'Internet Information Server' - 'Web Sites'
Create a new web site or a new directory that will contain the ASP-pages that use the Exact Venice SDK
Right click on the site or directory and choose 'Properties'
Select the 'Directory Security' tab
Click 'Edit'
On the 'Authentication Methods' dialog...
 
Select 'Anonymous access'
Enter the name of the special Exact Venice SDK domain user you created in a previous step (e.g. ClSdkUser) and his password
Click 'OK'
   
On the IE clients
 
Following is important only if 'Anonymous access' is not permitted in the IIS...
Start Internet Explorer
Choose 'Tools' – 'Internet Options'
Select the 'Security' tab
Select 'Local intranet'
Choose 'Custom Level'
Locate 'User Authentication' at the bottom of the tree
Select any setting except 'Anonymous logon'