Administering Web Resources

1
Administering Web Resources

• Chapter Thirteen

2
Installing and Configuring Internet Information
Services

• IIS 6.0 is a Windows 2003 application that
  provides Web-related services to an organization
• IIS provides Web-related services that can be
  implemented to host a corporate intranet or to
  provide an Internet presence
• IIS consists of four main components
• World Wide Web (HTTP) services
• File Transfer Protocol (FTP) services
• Network News Transfer Protocol (NNTP) services
• Simple Mail Transfer Protocol (SMTP) services

3
Installing IIS
Figure 6-1 Installing Internet Information
Services
4
Installing IIS
Figure 6-2 Viewing additional IIS applications
and components
5
Installing IIS
Table 6-1 Internet Information components
6
Installing IIS
Table 6-2 IIS folder structure
7
Installing IIS
Figure 6-3 Viewing the IIS user accounts
User accounts for anonymous access
8
Installing IIS

• After an IIS installation, you will notice
  several new IIS-based services, including
• FTP Publishing Service
• IIS Admin Service
• Simple Mail Transport Protocol (SMTP)
• World Wide Web Publishing Service

9
Installing IIS
Figure 6-4 Viewing the various Internet
Information Services
Services Installed
10
IIS Architecture
11
Configuring Web Server Properties

• After installing IIS components, you can manage
  IIS by using an administrative tool called the
  Internet Services Manager

Figure 6-5 The Internet Information Services
console
12
Configuring Web Server Properties

• IIS console display the default sites and
  services initially installed and that can be
  managed with this utility, including
• Default FTP site
• Default Web site
• Administration Web site
• Default SMTP virtual server
• Default NNTP virtual server

13
Configuring Web Server Properties

• Master properties
• IIS parameters configured on the server and
  inherited by all Web and FTP sites hosted on the
  server
• If an individual site is pre-configured when
  master properties are set, you are prompted
  whether or not to change the site settings

Figure 6-6 Configuring the properties of an IIS
server
14
Configuring Web Server Properties

• Bandwidth throttling
• Allows you to limit the network bandwidth that is
  available for Web and FTP connections to the
  server

Figure 6-7 Viewing the Master Properties of the
WWW service
15
Configuring Web Server Properties
Figure 6-8 Configuring inheritance overrides
16
Creating and Configuring Web Site Virtual Servers

• To make certain no configuration conflicts take
  place between sites, address the following issues
  before creating a new site
• Identify the IP address to which the Web site
  responds
• Identify the TCP/IP port to which the Web site
  responds
• If you have multiple Web site virtual servers
  responding to the same IP address, identify the
  host header name to which your new Web site
  responds

17
Creating and Configuring Web Site Virtual Servers

• Each Web site on your server must have a way of
  being uniquely identified
• There are three ways that you can ensure each Web
  site is unique
• Use a separate IP address to distinguish each Web
  site
• Use a single IP address with a specific port
  number for each Web site
• Use a single IP address with multiple host
  headers representing each Web site

18
Creating and Configuring Web Site Virtual Server
Figure 6-9 Assigning an IP address and port
number to a new Web site
19
Creating and Configuring Web Site Virtual Servers
Figure 6-10 Configuring Web site access
permissions
20
Creating and Configuring Web Site Virtual Servers
Figure 6-11 Viewing the new Web site
21
Modifying Web Site Properties
Figure 6-12 Configuring the new Web site
properties
22
Modifying Web Site Properties
Table 6-3 Web site properties tabs
23
Default Web Page Location

• Home Directory
• Default is c\Inetpub\wwwroot
• Documents
• index.html

24
Modifying Web Site Properties
Table 6-3 Web site properties tabs (cont.)
25
Creating Virtual Directories

• Virtual directory
• A mapping to a physical directory containing
  content to be included on a Web site
• Alias
• Name used to hide the real name of a directory
  and to simplify the directory name that would be
  used to access the information

26
Creating Virtual Directories
Figure 6-13 Viewing the Customers virtual
directory
27
Creating Virtual Directories
Figure 6-14 Configuring a virtual directory
28
Configuring Authentication for Web Sites

• Authentication
• Refers to determining whether a user has a valid
  user account with the proper permissions to
  access a resource such as a shared folder or Web
  site
• After a user account has been validated, it is
  given access to all resources to which it has the
  proper permissions

29
Configuring Authentication for Web Sites
Figure 6-15 Configuring authentication on the
Web site
30
Anonymous Access

• Anonymous access
• Allows a user to access a Web site without having
  to provide a username and password
• Uses the IUSR_servername user account to provide
  authentication credentials

Figure 6-16 Modifying the Anonymous User Account
31
Basic Authentication and Digest Authentication

• Basic authentication
• Prompts users for a username and password to be
  able to access the Web resource
• User needs a valid Windows Server 2003 user
  account
• One drawback is that information is transmitted
  using unencrypted Base64 encoding (easy to hack)
• Digest authentication
• Similar to basic authentication but hashes user
  name and password using MD5 algorithm to prevent
  hackers from obtaining the information
• Has specific software and Active Directory
  requirements

32
Integrated Windows Authentication

• Integrated Windows authentication
• Does not ask the user for a password
• Uses the clients currently logged-on credentials
  to supply a challenge/response to the Web server
• NET Passport authentication
• New method currently in testing to use the .NET
  Passport service
• Will require preproduction tests and a
  registration process

33
Integrated Windows Authentication

• If multiple authentication methods are
  configured, the following rules apply
• If Anonymous authentication and one other method
  are selected, the other method only applies if
  Anonymous authentication fails
• FTP sites cannot use Digest or Integrated Windows
  authentication
• Both Digest and Integrated Windows authentication
  take precedence over Basic authentication

34
Configuring Server Certificates and SSL

• The Directory Security tab also allows you to
  configure secure Web communications by
  implementing Secure Socket Layer
• Secure Socket Layer (SSL)
• Protocol used to encrypt Web traffic between a
  client and the Web server

35
Configuring Server Certificates and SSL
Figure 6-17 Viewing the Directory Security tab
of a Web site
36
Configuring Server Certificates and SSL
Figure 6-18 Requiring secure channel
communication
37
Secure Sockets Layer (SSL)

• The Secure Sockets Layer (SSL) protocol encrypts
  Web traffic between a client and a Web server
• Configured from the Directory Security tab of the
  properties of a Web site
• Users access a secure server using https//
  prefix
• SSL requires a server certificate from a
  certificate authority or from installed
  certificate services
• Uses port 443

38
Configuring FTP Virtual Servers

• File Transfer Protocol (FTP)
• Used to transfer files between two computers that
  are both running TCP/IP
• The FTP service included with IIS 5.0 supports
  FTP and enables user to transfer files between
  the Internet and a private network

39
File Transfer Protocol

• FTP uses the Transmission Control Protocol (TCP)
  for file transfers
• Important features of TCP include
• The sending computer waits for an acknowledgement
  from the receiving computer before sending any
  more packets
• All packets at the sending computer are assigned
  a sequence number so their data can be recognized
  at the receiving computer
• Each packet also contains a checksum for ensuring
  the integrity of the data

40
File Transfer Protocol

• The File Transfer Protocol (FTP) is used for file
  transfers between computers running TCP/IP
• FTP service is included with IIS 6.0
• FTP uses two ports (TCP ports 20 and 21)
• Port 21 carries connection initiation and
  diagnosis information
• Port 20 carries data
• FTP uses Transmission Control Protocol (TCP)
• Connection-based protocol, session precedes data
  transfer

41
File Transfer Protocol

• Features of TCP include
• Sending computer waits for an acknowledgement and
  retransmits data if it is not received
• Packets are assigned a sequence number
• Packets contain a checksum for ensuring integrity
• FTP requires a server running FTP server software
  and clients must run FTP client software
• There are many free and shareware utilities that
  can be downloaded for running FTP

42
Configuring FTP Properties

• When you are configuring the properties for FTP,
  they can be configured at one of three different
  levels
• You can configure Master Properties for all FTP
  sites running on an IIS server, just as you can
  for a Web site
• You can configure properties for each individual
  FTP site by right-clicking the appropriate site
  in the IIS console, and clicking Properties
• You can configure properties at the virtual
  directory level by expanding the appropriate FTP
  site, right-clicking the virtual directory, and
  clicking Properties

43
Configuring FTP Properties
Figure 6-19 The default FTP site properties
44
Configuring FTP Properties
Figure 6-20 Viewing FTP virtual directory
properties
45
Creating an FTP Site Virtual Server
Table 6-4 FTP site property tabs
46
Creating an FTP Site Virtual Server
Figure 6-21 Viewing TCP/IP access restrictions
47
Resource Permissions

• NTFS permissions
• Access to resources stored on an NTFS volume can
  be controlled through the use of NTFS permissions
• IIS permissions
• Combining NTFS permissions and IIS permissions
  provides the most security for you Web content
• The effective permission is always the most
  restrictive of configured permissions

48
Resource Permissions

• IIS permissions
• Always global
• Can be configured for Web sites and FTP virtual
  servers, virtual directories, physical
  directories, files
• Can set Read and/or Write permissions
• Can set Execute permission if site contains
  scripts or executables

49
IP Address and Domain Name Security

• Can secure Web content by controlling access
  based on the IP address of the client or domain
  name
• Access can be explicitly granted or denied
• Access can be granted or denied to an individual
  IP address or to a particular address range

50
Starting and Stopping Services
Figure 6-22 Restarting the IIS services
51
Backing Up the IIS Configuration

• IIS 6.0 stores its configuration settings in a
  database referred to as the IIS metabase, which
  can be backed up using one of four methods
• Use the Backup utility in the IIS console to back
  up the database
• The contents of the backup directory can be
  copied to another folder to provide redundancy
  after an initial backup has been performed
• Use the metabase editor tool to export the
  contents of the database to a text file
• Use the scripting tool provided with the IIS
  software development kit

52
Updating IIS 6.0

• As with most software that you install on your
  server, updates are released to fix any known
  bugs and security issues that are reported
• The two most common types of updates that you
  apply to your IIS server are
• Service packs
• Hot fixes

53
Web Folders

• A Web folder is a shared folder designed to be
  accessed using HTTP or FTP
• Use the Web Sharing tab of the folder Properties
  to configure the folder
• Web folders can use an alias name
• The Edit Alias dialog box allows you to set the
  name, access permissions, and application
  permissions
• Network clients can open a Web-based file using
• Internet Explorer, My Network Places, Microsoft
  Office XP

54
Remote Administration (HTML)

• Support the ability to manage IIS servers
  remotely via a Web browser interface
• On Windows Server 2003, these tools are not
  installed by default
• Tools must added manually via the Add/Remove
  Windows Components feature of Control Panel
• Access using https//servername8098/admin

55
Internet Printing

• Internet Printing Protocol (IPP)
• Allows printers to be managed via a Web browser
• Allows clients to send print jobs using HTTP
• Requires the installation of IIS and the Internet
  Printing component
• Internet Printing requires that the Internet
  Printing Web Service Extension and the Active
  Server Pages Extension be explicitly enabled
• Access using http//servername/printers

56
Client Access Problems

• Configuration settings you can verify to
  troubleshoot if users are unable to gain access
  to an IIS Server
• Verify TCP/IP configuration settings configured
  on the client
• Check the proxy settings configured through the
  clients Web browser
• To be able to access intranet Web sites, be sure
  to click Bypass proxy server for local addresses
  in the proxy server configuration settings of
  your Web browser
• Check for obvious problems such as whether the
  proxy server is available and online

57
Client Access Problems

• If users are unable to gain access to a Web site
  or FTP site configured on an IIS server, check
  any one of the following
• Check the permissions assigned to the site
• Check to see which authentication method has been
  configured for the site
• Check to see what IP address and domain name
  restrictions have been applied to the site
• If there is a connection limit for the site, make
  sure this limit has not been exceeded

58
Client Access Problems

• If users are unable to gain access to a Web site
  or FTP site configured on an IIS server, check
  any one of the following (cont.)
• If the service has been configured to use a port
  other than the default, make sure the client is
  specifying the correct port number
• If you have not enabled anonymous access, make
  sure the client has a valid user account
• Client computers may contain invalid cached DNS
  information about a specific Internet location