Home RDP Sales Contact Us Training  
RDP Support  

     Open a Web Support Ticket
RDPWin
Knowledge Base		 RDP-DOS
Knowledge Base		 IRM and IRM.Net
Knowledge Base		 Crystal
Knowledge Base
         

Internet Reservation Module (IRM)
Hardware & Software Requirements 

This document outlines the hardware and software requirements for the Internet Reservation Module (IRM).  The IRM must be installed on a Windows 2003 or 2008 Standard Edition server at the property, which in turn accesses your data server to provide true last room availability.  All reservations are stored immediately on your data server, just as if they were typed in on a workstation at the property.  Topics covered in this document include:

Links to RDP Data Server and Internet Reservation Module (IRM) documents

IRM Hardware Topics in this document include:

IRM Operating System - Windows 2003/2008

RDP's Internet Reservation Module is designed to run on Microsoft Windows 2003 or 2008 Server.  Older versions of Windows, such as Windows 2000, NT, or Windows XP professional are not supported.  No other software should be installed on the IRM server, such as accounting systems, small business server, etc.  The IRM is designed as a stand alone application.

For more information, see IRM Installation Directions.

Minimum Internet Reservation Module (IRM) Server Configuration
  • Windows 2003 R2 Standard Edition or Windows Server 2008 for 32-bit or 64-bit versions (not Small Business server). 

    Note    : this machine does not need to be a 'server class' box; it simply needs to be a machine with this Operating System, and does not need R.A.I.D., dual disks, etc.
  • One quad core processor
  • Four gigabytes of RAM Memory
  • Gigabit Network Card
  • Hard disk with at least 80 gigabytes free
  • Microsoft .Net Framework 3.0
  • Flat screen Monitor at 1024 x 768 resolution at 96 dpi.   Lower resolutions are not supported, and higher resolutions will result in displaying RDPWin screens with very small text that is difficult to read.

Separate Server for IRM Improves Security

RDP's recommendation is to install the IRM on a separate computer running Windows 2003 or 2008 server, which we call the "IRM Bridge Server."  When a guest, travel agent, group, or owner accesses rates and availability, they connect to the IRM bridge server, which in turn accesses your data from the data server.  All IRM reservations, as well as normal internal reservations, are stored immediately in the same database on the data server.  

Remember to backup the C:\Inetpub directory every day on the IRM server to avoid losing important files and pictures.  See Backup for more details.

The design of having your data on one server/workstation ("data server") and a separate Windows 2003 or 2008 bridge server for the IRM improves security.  While there is a great deal of security already provided by Microsoft operating systems and a firewall, it may still be possible for a sophisticated person to "hack into" the IRM server.  With a separate IRM server, there is no data stored on the IRM.  This "hacker" cannot view or damage data on the IRM, because there is no data on the IRM: it's all on the data server.

RDP has now installed over 300 IRM systems on separate servers.  To date, there has not been a single occurrence of a hacker viewing any data or damaging any data in this environment!

The remainder of this document assumes the installation of the IRM on a separate Windows 2003 server.

Dedicated Online Connection to the Internet

The IRM Bridge Server must be accessible to Internet browsers 24-hours per day, 365-days a year.  This Internet connection is normally maintained through an Internet Service Provider (ISP).  Contact your ISP for Internet connection options.  The minimum connection speed is 384K dedicated to the IRM*.  Higher connection speeds are required, depending on the anticipated number of simultaneous users.  Additionally, if a large number of pictures and graphics are used, a higher connection speed is required.   Possible connection types include DSK, T1, Microwave, Frame Relay, ISDN, etc.  Please contact RDP Sales for configuration assistance for large sites.

*Ideally, a separate Internet connection with a separate firewall should be installed and dedicated to the IRM.  This assures that the entire bandwidth is available for Internet guests at all times.  If the IRM is sharing an internet connection with the rest of the property, it is possible the performance of the IRM will be slow during periods of peak usage.  The IRM can generate a tremendous amount of revenue for the property and is well worth the investment of a dedicated internet connection running at 384KB or higher.

It is important to test your Internet connection for performance.  Please see Testing the performance of the IRM Connection.

Windows 2003 Terminal Server Installed

In order to install and support the IRM, RDP support personnel must be able to access the IRM Bridge Server via the Internet.  This is accomplished using Windows 2003 Terminal Services software, which is included at no additional charge with Windows 2003 server.  The firewall must be configured to open port 3389 and redirect it to the IRM Bridge Server to allow Terminal Services traffic from RDP Support. 

RDP Support Access to Administrator Password

To install and support the IRM, RDP support needs to know the password to the administrator account on the IRM bridge server and the RDP Data Server.   

Stand Alone Firewall and Security

RDP has designed the Internet Reservation Module to be extremely secure.  Since 1999, RDP has installed over 300 IRM systems, and we have never had a "hacker intrusion" to the RDP data Server.   This high level of security has been accomplished as follows:

Stand Alone
Firewall		 The IRM requires the installation of a "stand alone" firewall, which is designed to stop hackers from breaking into your network.  "Stand alone" means a separate physical firewall box.  No firewall software can be installed on the RDP Data Server or IRM Server.  

Most firewalls, when first installed, prevent all access to any workstation or server on your network from the outside. The firewall is then opened for specific machines, and specific ports on those machines, to the outside world.  Normally, only the IRM bridge server is opened, and only on a few ports.  The firewall therefore stops all outside access to all other machines, such as the RDP Data Server.
Ports to Open On the firewall the following ports must be open for the IRM bridge Server:

A physical firewall is required to secure the IRM.net from viruses and other attacks. The external IP address must be redirected to the internal address of the IRM.net Bridge for ports 80, 443, and 3389.  Additionally, the firewall must be open to allow outgoing Email from the SMTP server installed on the IRM.net bridge on port 25.  Do not, under any conditions, assign the external IP address directly to the IRM.net, as this creates a security loophole and also prevents proper communication from the IRM.net to the data server. 

Port  Reason
25 E-Mails are sent out to guests from the IRM.net bridge Server using Port 25.  
80 Internet Traffic (HTTP) Required for all IRM.net systems
443  Secure Internet (HTTPs) Required if IRM.net has Security Certificate
3389  Terminal Services Required for RDP support to access server

 
Only One 
Network Card in Data Server and IRM Server		 There can be only one network card installed in the IRM Bridge Computer and data server.  These should be standard Ethernet 100MB card (or faster).  Both the IRM Bridge Server and the data server must be connected to the same hub or switch, since a great deal of data is passed between the IRM bridge server and the data server.  

Do not install a separate network card in the IRM Bridge server or the data server that connects directly to the internet router.  Both the IRM bridge computer and the RDP data server must be "behind" the stand alone firewall.  IP address redirection of ports 80, 443, 3389 should be set up to the IRM bridge server.  See "ports to open" above.  A diagram appears at the end of this document.
No DMZ allowed The IRM Bridge server cannot be placed in a "DMZ" (De-militarized zone), because an enormous amount of data must pass between the IRM bridge server and the RDP Data server.  A DMZ is designed to stop this communication.  If the IRM is installed in a DMZ, it will not work.  The communication with the Pervasive database on the data server is stopped by the DMZ.

The IRM is very secure without a DMZ.  With over 300 installations, RDP has not yet had a single security breech to the data server from the IRM Bridge server.
Dedicated IRM Bridge Server RDP requires a dedicated IRM Bridge Server.  This server acts as a "Bridge" to your data server, and provides a tremendous amount of additional security.  All guest data (such as reservations, credit card information, and addresses) is stored on the data server, which is protected by the firewall.  
Virus Protection RDP requires the installation of virus protection software on the IRM and data server, which provides another level of security.  Norton Anti-Virus for an IRM Server costs less than $100.
Windows Security Microsoft has spent millions of dollars to provide a tremendous amount of security as part of Windows 2003.  If somehow a hacker was able to get through the firewall, and through the dedicated IRM Bridge, and then through the virus protection software, he/she would still have to overcome Microsoft Security.  While this may be possible in theory, it has not occurred in over 300 installations.  
Security Certificate (Data Encrypted)

RDP suggests using a Security Certificate when processing credit card transactions online with the IRM. Security Certificates insure that passwords and credit card information are encrypted and secure over the Internet connection.  A Security Certificate must be purchased annually from a Certificate Authority.  The IRM will use Secure Socket Layer (SSL) for encrypting data on the IRM Bridge Server.  There are a number of companies that provide the certificate, including:

Microsoft Front Page

The IRM contains many HTML files that can be modified by the customer, including:

All HTML files can be modified with any HTML editor.  It is not possible for RDP support to learn all the different HTML editors, so we require using Microsoft Front Page, with which we are very familiar.

Paint Shop Pro Version 8 or Higher

The Internet reservation module can have a wide variety of pictures to make the site much more appealing to the guest.  A picture editor is needed to reformat pictures to the correct size for the IRM.  While a variety of picture editing software might work, RDP support is familiar with Paint Shop Pro.  If you would like help from RDP support with picture reformatting you must use Paint Shop Pro Version 8 or higher, which is available at a nominal cost from www.jasc.com.

Diagram on Network Configuration


Diagram of Data Server,  IRM Server, and Workstations
Warning:  Microsoft Small Business Server can not be used for the Internet Reservation Module (IRM), because Small Business Server installs Microsoft Exchange which does not work with the IRM. 
Item Explanation
Anti-Virus Software Anti-virus software should be installed on the RDP data server, IRM server, and all workstations.  It is critical to configure the auto-protected mode of all anti-virus software to scan local drives only.  If anti-virus software is set to scan network drives, all network based software such as RDP will run slowly.

See Do Not Scan Network Drives with Anti-virus Software.
Router  A router connects your firewall to the Internet.  For security reasons, it is critical to always connect the router to a firewall and not directly to a network card in any server or workstation.
Firewall A firewall provides security when an internal network is connected to the Internet. The firewall must be a physically separate device (a "stand alone" firewall).  RDP software does not work with firewall software installed on the RDP data server or the IRM Bridge Server.  The firewall must be capable of "address redirection."  For example, the external IP address of 65.38.150.5 will be redirected to the internal address of the IRM server (10.0.0.4 in this example).

See Linking Options From Your Marketing Website to the IRM and IRM.net.
Firewall Ports
to Open

DMZ setup for IRM

Ports for Netmeeting		 A physical firewall is required to secure the IRM from viruses and other attacks. The external IP address must be redirected to the internal address of the IRM Bridge for Ports 80, 443, and 3389.  Additionally, the firewall must be open to allow outgoing e-mail from the SMTP server installed on the IRM bridge on Port 25.  Do not, under any conditions, assign the external IP address directly to the IRM, as this creates a security loophole and also prevents proper communication from the IRM to the data server.

Ports Reason
25 E-mails are sent out to guests from the IRM bridge server using Port 25.  See Installation of Outgoing SMTP E-mail Server
80 Internet traffic (HTTP) is required for all IRM systems.
443  Secure Internet (HTTPs) is required if IRM has Security Certificate.
3389  Terminal services are required for RDP support to access server.
DMZ Only

1583
3351		 Some customers want to set up the IRM in a Demilitarized Zone (DMZ).  RDP uses the Pervasive.SQL database, which uses two TCP ports when communicating from the client to the server, which are: 1583 and 3351. These ports will have to be open on the firewall, as all other ports required by Microsoft for the Windows 2003 IRM server to communicate with the Windows 2003 Data Server. Please contact Microsoft for details on what ports are required.
522, 389
1503, 1720
1731		 Any workstation that connects to RDP with NetMeeting must open various ports.  For instructions on how to configure your firewall to allow workstations to connect to RDP using Net Meeting, see Microsoft article ID# 158623 How to Establish Net Meeting Connections Through a Firewall.
Switch or Hub All workstations are connected to a hub or switch which must be a minimum of 100 megabits.  The RDP data server and IRM bridge server must be connected to the same hub or switch.  Ideally, all workstations that access RDP should be connected to the same hub or switch as the data server.  Multiple hubs or switches may be installed for larger installations.  Regardless of how many hubs or switches are used, all workstations that access the RDP data server must be on the same subnet.
Same Subnet
and Domain		 The RDP data server, IRM bridge server, and all workstations that access RDP must be on the same subnet and in the same domain.  For example, if the IP address assigned to the data server is 10.0.0.3, then the IRM bridge server and all workstations should have an internal IP address of 10.0.0.x, where x can range from 1-254.  The "Subnet mask" on all computers would be 255.255.255.0.
One and Only One
Network Card		 The RDP data server, IRM bridge server, and all workstations that access RDP should have one, and only one, network card.  When more than one network card is installed, various communication problems result.
Workstations RDP supports Windows XP Professional or Windows Vista workstations.
Data Server

Domain
Controller

or

Peer-to-Peer 		RDP is installed in a Windows 2003 "Active Directory" environment or "Peer-to-Peer".  For most installations, the RDP Windows 2003 or 2008 data server also serves as the domain controller.  However, if there is already a Windows 2003 or 2008 domain controller, the RDP data server can be a member server of the existing domain.

If there are other applications that require a Windows 2003 or 2008 server, RDP suggests placing them on another Windows 2003 or 2008 server, not the RDP data server or IRM bridge server.  This maximizes performance and reduces conflicts.

The RDP data server, IRM bridge server, and all workstations that access RDP must be members of the same domain.  In peer-to-peer environments, they must all be part of the same workgroup.

See Details on Installation of RDP 2003 Data Server Installation
IRM Server The Internet Reservation Module (IRM) is an optional product from RDP and requires a separate Windows 2003 or 2008 server.  This server is installed as a member server to the domain that contains the RDP data server.  In peer-to-peer environments the IRM server must be in the same workgroup as the Data Server.  All rates, availability, and reservations are stored on the data server.  Do NOT install active directory, or other applications, on the IRM Server.  Windows Small Business server or Windows XP Professional may not me used for the IRM Server - it must use Windows 2003 or 2008 server.

See IRM Server Installation.
IRM Security Security with the IRM has proven excellent and is divided into the following areas:

  1. A good firewall stops most intrusions.
  2. Microsoft security on the IRM server and data server is very strong.
  3. Anti-Virus software should be installed on the IRM server and must be set to NOT scan network drives.
  4. All credit card data is encrypted when sent to the guest using SSL technology.
  5. All sensitive data, such as credit card information, is stored on the data server and not the IRM.  If a hacker manages to get through the firewall and Microsoft security to the IRM server, they still have to get from the IRM server to the data server to retrieve data.
The IRM has been installed at over 300 sites over the last 10 years, and there has not yet been an instance of someone "hacking" into the Data Server from the IRM.  However, there is always a first time; and there is some security risk. The only way to prevent all theoretical security problems is to completely remove the IRM from the Internet.  Unfortunately this would also prevent all reservations!
Outgoing SMTP E-mail

Server Required		 RDP sends e-mails to guests, owners, groups, travel agents, and others from the IRM and our RDPWin product.

See Installation of Outgoing SMTP E-mail Server and RDP E-mail Marketing for more detail.

Home RDPWin RDP-DOS IRM/IRM.Net Open A  Web Support Ticket
Version 2.xxx Upgrade to RDPWin Link to Marketing Site Contact Us
Training Vendor Interfaces Troubleshooting RDP Sales Website