Planning your iMIS architecture
There are many things to complete before you begin your iMIS installation. The following section outlines a few key steps to follow such as planning your architecture, licenses and views, and configuring accounts for database access.
The server architecture of iMIS allows you to install all the components onto a single iMIS server, for simple client/server architecture, or spread the components across multiple iMIS servers, for better performance in larger organizations.
The installation process automates many steps, but you must be clear about the configuration you want in order to manage the process successfully. In planning your architecture, your task is to map out how many servers are needed and what will be hosted on each server?
- To protect your investment, choose servers for which you can upgrade memory, processors, and storage.
- Add an Uninterruptible Power Supply (UPS) to servers, to smooth shutdowns after power loss.
- Implement RAID. RAID 5 is the best configuration. RAID 1 is typical, depending on what your server can accommodate:
- RAID 5 array – 3 drives of the same size
- RAID 1 array – 2 drives of the same size
- No RAID – 1 drive
- Schedule and verify regular disk backups to tape, reserve disk, or other sufficiently sized storage.
Note: Installing iMIS on the same server as Microsoft Exchange Server is not recommended or supported.
- When possible, put the iMIS application Server and Workstations/Terminal Server on the same network, not separated over the Internet. However, you do not have to co-locate the database server with any iMIS server.
- When hosting your systems internally at your office, use no less than a T1 connection for the servers. This gives your users (both internal and external) the best experience with iMIS and your website.
- When hosting your systems with an external hosting company, ensure the external hosting company can provide at least 10 Mbps speed, with a further burst possible, in case of sudden traffic spikes.
iMIS has three user classes, which are the foundation of the credentials for each user record that you define in System Setup (see Creating iMIS user records). These user classes are licensed separately, so your license agreement with ASI determines the number of each user class you can define.
- Full user (system administrators and non-SysAdmin staff) licenses offer complete access to iMIS functionality, limited by the specific permissions defined in user records.
- Public user licenses (which cost the least) offer very limited access to iMIS functionality, which is designed for self-service by members.
What users see depends on how they are licensed (Full or Public) and how they are connecting (Advanced Accounting Console or Web):
- Administrative views (Advanced Accounting Console) run from a workstation, local or remote:
- Administrators who customize, support, or extend iMIS
- Business managers who handle finance, commerce, marketing, and so forth
- Staff site:
- Marketing and fundraising staff
- Staff who need to perform changes to customer records
- iMIS administrators who might need remote web-based access to iMIS system setup
- Executives or managers who occasionally consult iMIS data
- Volunteers who perform limited customer service tasks
- Member site, Donor site, Annual Conference site:
Full users can perform administrative views. This view provides access to setup and financial functionality of iMIS, which is typically required by back office staff. This access is restricted by specific user permissions that you grant or deny. The administrative view serves the following roles:
Staff users can browse to and access various areas of the Staff site depending on their authorization level. Access to areas such as Contacts and Directory makes it easy for staff to view and modify basic contact and transactional information on behalf of any iMIS user. Browser-based access offers convenience to staff users who are working away from their desks and even off-site. The Staff site serves the following roles:
Members, the general public, and anonymous users have varying levels of access to public-facing sites. Anonymous users will see very little information until they register themselves as a Public user (or an iMIS administrator creates a Public user record for them). Public and Full users all see the same features and information, which is intended for limited commerce and contact self-service activities by organization members. Users can register for events, pay dues, shop for products defined in iMIS, and check out.
The iMIS installer needs a sysadmin (System Administrator) account and password on your SQL Server because the iMIS installer creates special logins on the iMIS instance to enable system-level authentication between iMIS and SQL Server. These special logins spare iMIS users from needing a defined login or user on the SQL Server instance or iMIS database.
To implement iMIS, the following are the database permissions that you need:
- Attach database (sysadmin): To attach iMIS to a new database, the installer needs a sysadmin account. You can use your sa account for this.
- Use database (db_owner): To authenticate users to access your iMIS database instance, you need a db_owner account.
If you are upgrading an existing iMIS database, you do not need a sysadmin account because the database is already attached.
You can install iMIS without having to give your database’s sa (System Administrator) user password to anyone. The installer uses the specified system administrator account to do tasks such as attaching the database, but it does not retain this account’s information anywhere. As soon as installation is completed, you can delete the temporary sysadmin account as long as you supplied a separate login under which iMIS can run.
For optimal security, do the following to create a temporary sysadmin account to use during installation:
- Open your SQL server management application.
- Using the sa login, connect the service that will host your iMIS database.
- Go to Service > Security.
- Right-click and select New > Login.
- Enter a Login name, for example, sa_temp.
- Select SQL Server authentication.
- Enter a password and confirm.
- Deselect Enforce password policy.
- On the Server Roles tab, select sysadmin.
- Click OK.
- Disconnect from the SQL service and verify that you can log in to the service using the new login.
- After installation is completed and verified, return to your SQL server management application and delete the temporary account.
Note: Special characters in the password can disrupt command-line processing, so use only alphanumeric characters and ! # @, with no spaces. You can use hyphens and underscores after the first character, but avoid all other punctuation and symbols.
For optimal security, do the following to create a separate account for iMIS to use to access your database:
- Open your SQL server management application.
- Using the sa login, connect the service that will host your iMIS database.
- Go to Service > Security.
- Right-click and select New > Login.
- Enter a Login name, for example, imis_db.
- Select SQL Server authentication.
- Enter a password and confirm.
- Deselect Enforce password policy.
- Click OK.
- Disconnect from the SQL service and verify that you can log in to the service using the new login
Note: Special characters in the password can disrupt command-line processing, so use only alphanumeric characters and ! # @, with no spaces. You can use hyphens and underscores after the first character, but avoid all other punctuation and symbols.