World Wide Web


Popular Windows Network
Services and Applications
Lesson 7
Objectives
World Wide Web and Web Pages
• The World Wide Web is a system of
interlinked hypertext documents known as
web pages that can be viewed with a web
browser such as Internet Explorer.
• Web pages may contain text, images, videos,
and other multimedia that you can navigate
between by using hyperlinks, and they are
usually found by using a search engine such
as Bing or Google.
Web Server
• When you view web pages, you are connecting to
the web server using TCP port 80.
• Since personal information can be sent over the
Internet, including credit card numbers, a
supplemental protocol was developed called SSL.
• SSL, short for Secure Sockets Layer, uses TCP port
443, which uses a digital certificate to encrypt the
packet so that it cannot be read by anyone else
except the source and target.
– When you are using SSL, the browser URL starts
with https (e.g., https://www.acme.com).
FTP
• File Transfer Protocol (FTP) is a standard network protocol
used to transfer a file from one host to another over a
TCP/IP-based network.
• Different from HTTP, it uses two TCP ports to operate—
ports 20 and 21.
• FTP can be used with user-based password authentication
or with anonymous user access.
• Unfortunately, the username, password, and data transfers
are sent unencrypted.
– Therefore, when encryption is needed, you should use
SFTP (SSH File Transfer Protocol), or FTPS (FTP over
SSL), which adds SSL or TLS encryption.
SMTP
• For emails to travel over the Internet, email
servers (or any server or client that sends
email directly out) use Simple Mail Transfer
Protocol (SMTP) as an outgoing mail
transport. SMTP uses TCP port 25.
IIS Manager
Creating a Website
• When IIS is installed, the server will only
have a default Web site.
• IIS was designed to handle multiple Web
sites.
• Therefore, if your organization represents
several subsidiaries, each with its own Web
site, or you are a company that hosts web
services for other companies, you would
create multiple sites within IIS.
Multiple Websites
• The default Web site is made to respond to all IP
addresses assigned to server port 80 and port 443.
• To support multiple Web sites, you can assign additional
IP addresses and assign a Web site to each IP address.
• You can also define a different port instead of port 80 or
443. When a user tries to access http://acme.com, they
are really accessing http://acme.com:80.
– The :80 means port 80.
• One method that allows you to share the same IP
address and port is to use host headers, which are used
to specify a name that the Web site will respond to rather
than all names that point to the address.
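The binding rules above, as an added example that is not part of the original slides. It is a simplified model of how an IP:port:host-header binding selects a site, and it lists the sites that answer any name. The site names, the address 10.0.0.5 and the host shop.example are constructed for illustration; IPv4 only.

```python
from typing import NamedTuple, Optional

class Binding(NamedTuple):
    site: str
    ip: str    # "*" means every address assigned to the server
    port: int
    host: str  # "" means no host header: the site answers any name

def parse_binding(site: str, info: str) -> Binding:
    """Parse a binding written as 'IP:port:hostname', e.g. '*:80:acme.com'."""
    ip, port, host = info.split(":")
    return Binding(site, ip or "*", int(port), host.lower())

def resolve(bindings, local_ip: str, port: int, host_header: str) -> Optional[str]:
    """Return the site that answers a request; the most specific binding wins."""
    host = host_header.split(":")[0].lower()  # 'acme.com:80' -> 'acme.com'
    best, best_score = None, -1
    for b in bindings:
        if b.port != port or b.ip not in ("*", local_ip):
            continue
        if b.host and b.host != host:
            continue
        # Assumed precedence: a host-header match outranks an IP-only match.
        score = (2 if b.host else 0) + (1 if b.ip != "*" else 0)
        if score > best_score:
            best, best_score = b.site, score
    return best

def catch_all_sites(bindings):
    """Sites with no host header, which respond to every name sent to them."""
    return sorted({b.site for b in bindings if not b.host})

# Constructed sample configuration
BINDINGS = [
    parse_binding("Default Web Site", "*:80:"),
    parse_binding("Acme", "*:80:acme.com"),
    parse_binding("Shop", "*:80:shop.example"),
    parse_binding("Intranet", "10.0.0.5:8080:"),
]

if __name__ == "__main__":
    for name in ("acme.com", "shop.example", "unknown.example"):
        print(name, "->", resolve(BINDINGS, "10.0.0.5", 80, name))
    print("catch-all sites:", catch_all_sites(BINDINGS))
```

A request carrying an unrecognized Host header lands on the catch-all site, so that site should hold nothing sensitive or be given a host header of its own.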
Web Server Folders
• When you create a Web site, you specify a folder
that represents the root of the Web site.
• Within that folder, you can create subfolders.
• A virtual directory is a directory used in a Web site
that corresponds to a physical directory elsewhere
on the server, on another server, or on a Web site.
Applications
• An application is a grouping of content on a
Web site that is defined at the root level or in
a separate folder that has specific
properties, such as the application pool in
which the application runs and the
permissions that are granted on the folder.
• Each site must have at least one application
named the root application or default
application.
Application Pool
• An application pool is a set of resources (a worker
process or a set of worker processes) used by a
Web site or application that defines the memory
boundaries for the Web site.
• Forcing each application to have its own
application pool ensures that one Web site does
not interfere with another Web site on the same
server, which ensures application performance and
improved application availability.
• Therefore, if one application has a memory leak or
crashes, it will not affect the other sites.
Default Files
• By default, when you type in a Web site’s URL such
as http://acme.com, it will go to the root folder
designed for acme.com and first look for one of the
following files:
1. Default.htm
2. Default.asp
3. Index.htm
4. Index.html
5. Iisstart.htm
6. Default.aspx
IIS Security
• Since Web sites are designed to provide
information, some of which may be sensitive, there
will be times when you have to protect that data.
• You can protect it by limiting who can access the
Web site, how users authenticate, and/or by
encrypting the content when a request is made.
• You can grant or deny specific computers, groups
of computers, or domains access to sites,
applications, directories, or files on your server by
using Authorization rules.
IIS Authentication
• Authentication is used to confirm the identity of
clients who request access to your sites and
applications.
• IIS 7.0 supports the following forms of
authentication:
– Anonymous
– ASP.NET Impersonation
– Basic Authentication
– Digest Authentication
– Windows Authentication
– AD Client Certificate Authentication
SSL
• When you use SSL to encrypt web traffic, you
are using asymmetric encryption, which
involves a private key and a public key.
• The public key is provided to anyone who
wants to access the web server, and the
private key is kept secret, usually by the web
server that you are trying to protect.
– The public key is used to encrypt data, which
only the private key can decrypt.
SSL
FTP Through IIS
• With IIS 7.5, you manage FTP through IIS
Manager.
• While Windows Server 2008 includes IIS 7.0,
you still manage FTP through IIS 6.0.
• The majority of FTP sites are used primarily
to download files.
– In most of these situations, FTP uses
anonymous authentication where username
and password are not required.
Remote Access Server
• Today, it is very common for an organization to use
a remote access server (RAS).
• This enables users to connect remotely to a
network using various protocols and connection
types.
• By connecting to the RAS over the Internet, users
can connect to their organization’s network so that
they can access data files, read email, and access
other applications just as if they were sitting at
work.
VPN
• Virtual private networks (VPNs) link two computers
through a wide-area network such as the Internet.
• To keep the connection secure, the data sent
between the two computers is encapsulated and
encrypted.
• The three types of tunneling protocols used with a
VPN/RAS server running on Windows Server 2008
include:
– Point-to-Point Tunneling Protocol (PPTP)
– Layer 2 Tunneling Protocol (L2TP)
– Secure Socket Tunneling Protocol (SSTP)
VPN Connection
Split Tunneling
• By default, when you connect to a VPN using the
previous configuration, all web browsing and
network traffic goes through the default gateway
on the Remote Network unless you are
communicating with local home computers.
• If you wish to route your Internet browsing through
your home Internet connection rather than going
through the corporate network, you can disable the
“Use Default Gateway on Remote Network” option.
Disabling this option is called using a split tunnel.
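The effect of the "Use Default Gateway on Remote Network" option on route selection, as an added example that is not part of the original slides. The routing table, the interface names "home" and "vpn", the metrics and all addresses are constructed; the corporate network is assumed to be 10.0.0.0/8.

```python
import ipaddress

def build_routes(use_remote_default_gateway: bool):
    """Constructed client routing table as (destination, interface, metric)."""
    routes = [
        ("0.0.0.0/0", "home", 25),       # default route through the home router
        ("192.168.1.0/24", "home", 10),  # local home computers
        ("10.0.0.0/8", "vpn", 10),       # assumed corporate network behind the VPN
    ]
    if use_remote_default_gateway:
        # Option enabled: a better default route through the VPN is added.
        routes.append(("0.0.0.0/0", "vpn", 5))
    return [(ipaddress.ip_network(d), i, m) for d, i, m in routes]

def pick_interface(routes, dest: str) -> str:
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    _net, iface, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface

def internet_bypasses_vpn(routes) -> bool:
    """True when Internet traffic leaves through the home connection."""
    return pick_interface(routes, "203.0.113.10") != "vpn"

FULL = build_routes(use_remote_default_gateway=True)    # default behaviour
SPLIT = build_routes(use_remote_default_gateway=False)  # split tunnel

if __name__ == "__main__":
    for label, table in (("full tunnel", FULL), ("split tunnel", SPLIT)):
        for dest in ("203.0.113.10", "192.168.1.20", "10.1.2.3"):
            print(label, dest, "->", pick_interface(table, dest))
```

With the split tunnel, Internet browsing no longer passes through the corporate network, so any filtering or monitoring done there does not see it.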
Remote Desktop Services
• With early networks, users utilized dumb terminals
(systems consisting of a monitor and keyboard
without a processor) to connect to a mainframe.
• Later, computers could use telnet to connect to a
server and execute commands at a command
prompt.
• Remote Desktop Services, formerly known as
Terminal Services, is one of the components of
Microsoft Windows that allows a user to access
applications and data on a remote computer over a
network.
Remote Desktop Licensing Modes
• By default, Windows Servers are configured
to use Remote Desktop for Administration
licensing mode, which supports up to two
remote sessions (three if you count the
console session, which is the session that
you use when you log on to the computer
directly), and is primarily used to connect to
a server to manage it.
RemoteApp
• RemoteApp (or TS RemoteApp) is a special mode
of Remote Desktop Services that allows you to run
an application in its own window instead of
opening a session with Remote Desktop
Connection.
• For the most part, the application looks like a
normal application running on your local computer
but in reality it is running remotely on a server.
• A RemoteApp can be packaged either as a .rdp file
or distributed via an .msi Windows Installer
package.
Remote Desktop Gateway
• Besides using a VPN tunnel, you can use a Remote
Desktop Gateway (RD Gateway) role service to
enable authorized remote users to connect to
resources on an internal private network over the
Internet using a Remote Desktop Connection (RDC)
client.
• RD Gateway uses the Remote Desktop Protocol
(RDP) over HTTPS to establish a secure, encrypted
connection between remote users on the Internet
and the internal network resources on which their
productivity applications run.
Virtual Servers
• By using virtual machine technology, you can
run multiple operating systems concurrently
on a single machine, which allows
separation of services while keeping cost to
a minimum.
• It can also be used to create Windows test
systems in a safe, self-contained
environment.
Microsoft Hyper-V
• Microsoft Hyper-V is a hypervisor-based virtualization
system for x64 computers starting with Windows
Server 2008.
• The hypervisor is installed between the hardware and
the operating system and is the main component that
manages the virtual computers.
• To run several virtual machines on a single computer,
you need to have sufficient processing power and
memory to handle the load.
• However, since most servers often sit idle,
virtualization utilizes the server’s hardware more
efficiently.
Installing Hyper-V
• To install Hyper-V, you need:
– An x64 version of Windows Server 2008.
– 64-bit processors and BIOS that support
hardware-assisted virtualization (Intel VT or
AMD-V) technology.
– Hardware Data Execution Prevention (DEP),
which Intel describes as eXecute Disable (XD)
and AMD describes as No eXecute (NX). It is a
technology used in CPUs to segregate areas of
memory for use by either storage of processor
instructions or storage of data.
Hyper-V Manager
Integration Services
• Some of the Windows built-in drivers do not run
efficiently under a virtual environment. Therefore,
you need to install Integration Services, which
includes some basic drivers.
• To install the integration components, open the
Action menu of Virtual Machine Connection and
click Insert Integration Services Setup Disk.
• If Autorun does not start the installation
automatically, you can start it manually by
executing the %windir%\support\amd64\setup.exe
command.
Consolidation
• In many organizations, you may want to
consolidate several physical servers to one
machine running multiple virtual servers.
• Microsoft System Center Virtual Machine Manager
(VMM) allows you to convert existing physical
computers into virtual machines through a process
known as physical-to-virtual (P2V) conversion.
Managing Disks
• When you create a virtual hard drive, you
can define the virtual hard disks as:
– Fixed size virtual hard disks: Take up the full
amount of disk space when created, even if
there is no data using parts of the hard disk.
– Dynamically expanding hard disks: Expand
as they need space, up to their full size.
Snapshots
• One of the strengths of virtual servers is the ability
to take snapshots.
• A snapshot is a point-in-time image of a virtual
machine that you can return to.
• So, if you make a change to the system, such as
loading a component or installing an update, that
causes problems, you can use the snapshot to
quickly revert back to the point before the change
was made.
• With Hyper-V, you can create 10 levels of snapshot
per virtual server.
Virtual Networks
Summary
• When you view web pages, you are connecting to the web
server using TCP port 80.
• SSL, short for Secure Sockets Layer, uses TCP port 443,
which uses a digital certificate to encrypt data sent to and
from a Web site so that it cannot be read by anyone except
the source and target. When you are using SSL, the browser
URL will start with https.
• File Transfer Protocol (FTP) is a standard network protocol
used to transfer a file from one host to another over a
TCP/IP-based network.
• Microsoft’s web server/application server is Internet
Information Services (IIS).
Summary
• To support multiple Web sites, you can assign
additional IP addresses and assign a site to each
IP address by using different ports for each site or
host headers.
• To configure the IP address, port, and name a Web
site will respond to, you must configure the site
binding.
• A virtual directory is a directory used in a Web site
that corresponds to a physical directory elsewhere
on the server, on another server, or on a Website.
Summary
• The Default Documents feature allows you to
configure the list of default documents that
will automatically be presented to a browser
if a document is not specified.
• A virtual private network (VPN) links two
computers through a wide-area network
such as the Internet. To keep the connection
secure, the data sent between the two
computers is encapsulated and encrypted.
Summary
• By using virtual machine technology, you can
run multiple operating systems concurrently
on a single machine, which allows
separation of services while keeping cost to
a minimum.
• The hypervisor is installed between the
hardware and the operating system and is
the main component that manages virtual
computers.