from the Windows NT Server, or a Windows NT Server with IIS

Internet Information Server
The Internet Information Server acts as the gateway for all
incoming client requests. For requests of files ranging from
HTML to graphics to video, the process follows conventional
Web server methods, such as sending a requested file to the
browser.
Unlike conventional Web server methods, when an .asp file
request comes to the Web server from the browser, it invokes the
ISAPI filter or DLL component, which parses the requested .asp
file for Active Server related code.
Using Internet Information Server
As a result, the requester must have the authority to execute the
ASP page and to conduct any of the actions that the code
attempts to perform at the server. The Web server then returns
what, you hope, resembles a standard HTML or other type of
file.
For this process to perform successfully, the system must have:
Properly configured IIS served directories
NT user accounts
DLL components
NT security
Using Internet Information Server
IIS is integrated with Windows NT Server. IIS uses the same
directory database (user accounts) as Windows NT Server. Using
the same directory database eliminates the need for additional
user account administration.
IIS also uses existing Windows NT Server tools such as
Performance Monitor, Event Viewer, and Simple Network
Management Protocol (SNMP) support to maintain similar
administrative procedures.
Using Internet Information Server
The importance of understanding this process increases as your
application performs more and more complex activities on the
server. For example, to execute a script that counts to ten, you
only need to ensure execute permission in the directory served
for the default user. To write a file to the server hard drive,
however, you need to have provided a default or other user with
sufficient permissions to write a file to a location on your hard
drive. Further still, to enable a user to request a page that
accesses a SQL Server database, the user must have further
permissions still in order to gain access to the SQL Server.
Web Server Directories
The IIS provides access or serves information from directories on
your server's hard drives. All requests to the Web server attempt
to get authentication for access to the information initially based
on the user account set up in the IIS configuration. The default
or anonymous logon in the IIS manager matches the user
account setup with full control in the directory permissions
window for the served directory. This ensures that the NT file
system authorizes the user, not only to read, but also to execute
files in the directory.
Web Server Directories
In addition to the file system permissions, one prior level of basic
security is invoked by the IIS before even attempting to request
the file from the operating system. A basic read or execute
permission is established on every directory served by the IIS.
This level of permission is configured at the IIS level and can be
configured through the IIS Manager.
Managing User Accounts
User accounts provide the primary vehicle for managing security
within an IIS application of any kind. Because the IIS completely
integrates with the NT security model, understanding user and
group permissions becomes critical to any application that
utilizes more than just the anonymous logon. The key areas of
concern relating to security include:
Sufficient user authority for a task
Proper security within the anonymous logon
Enhanced security through NTFS file permissions
Managing Anonymous Login
A comprehensive security implementation can be created
without ever going to the User Manager. Before diving into the
complex and powerful world of NT user and group accounts,
make sure you have exhausted the simple and flexible
alternatives. One method involves tracking users in a database
and authenticating by lookup. This approach enables you to
more easily manage users through database or file lookups. If
this model does not provide sufficient control or security,
however, many enhanced security options can be invoked to
control access and use of your application.
Enhanced Security Options
For more sophisticated security, you can set up directories and
.asp files where the logon permissions provided by the Web
server's default user account are insufficient. When
insufficient file system security is detected by the Web server,
the browser will be prompted for a logon, which the Web
server attempts to authenticate. Once authenticated, this user
ID is passed with subsequent requests from the browser
allowing the Web server to utilize the authority of the logged-in user.
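The request flow described under Web Server Directories and Enhanced Security Options, modeled as an added example (not code from the original presentation or from IIS itself): the IIS-level directory permission is checked first, then the file system permission of the anonymous logon, and only then is a logon requested. The account names, passwords, directory table and outcome labels are assumptions made for illustration.

```python
import hmac

# Constructed sample data; account names, passwords and paths are hypothetical.
ANONYMOUS = "IUSR_WEBSRV"
ACCOUNTS = {"alice": "correct-horse", "bob": "battery-staple"}  # stand-in for the NT account database
DIRECTORIES = {
    "/public/": {"iis": {"read", "execute"},
                 "ntfs": {ANONYMOUS: {"read", "execute"}}},
    "/images/": {"iis": {"read"},
                 "ntfs": {ANONYMOUS: {"read", "execute"}}},
    "/admin/":  {"iis": {"read", "execute"},
                 "ntfs": {"alice": {"read", "execute"}}},
}


def needed_right(path):
    """An .asp request runs code at the server, so it needs execute, not just read."""
    return "execute" if path.lower().endswith(".asp") else "read"


def find_directory(path):
    """Return the served directory whose prefix matches the path, or None."""
    for prefix, config in DIRECTORIES.items():
        if path.startswith(prefix):
            return config
    return None


def authorize(path, credentials=None):
    """Return (outcome, account) for one request."""
    directory = find_directory(path)
    if directory is None:
        return "not_served", None
    right = needed_right(path)
    # Stage 1: IIS-level directory permission, checked before the file system is asked.
    if right not in directory["iis"]:
        return "denied_by_iis", None
    # Stage 2: file system check under the anonymous logon.
    if right in directory["ntfs"].get(ANONYMOUS, set()):
        return "served_as_anonymous", ANONYMOUS
    # Anonymous rights are insufficient, so the browser is prompted for a logon.
    if credentials is None:
        return "logon_required", None
    user, password = credentials
    expected = ACCOUNTS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return "logon_required", None
    # The authenticated user's own rights now decide the request.
    if right in directory["ntfs"].get(user, set()):
        return "served_as_user", user
    return "denied_by_ntfs", user
```

The /images/ entry shows why both layers matter: the anonymous account holds execute rights in the file system, yet a script request there is still refused because the IIS-level permission is read only.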
You can get programs from
Microsoft's site for free.
A new version, MS Personal Web Server 4.0 is included in
MS Windows 98.
Since it's not included in MS Windows 95, you should
download it from MS web site when you use MS Windows
95.
The new version, 4.0, of MS Internet Information Server should
also be downloaded from the MS web site to install. MS
Windows NT 4.0 includes MS Internet Information Server
2.0.
Personal Web Server Installation
Personal Web Server 4.0 can be downloaded from the
following site.
http://www.microsoft.com/msdownload/ieplatform/pws/pws.htm
• Run setup from the downloaded program.
• First of all, designate the destination file.
• Click “Finish” when the installation is done successfully.
Internet Information Server Installation
Internet Information Server 4.0, which is called the “Option Pack”, can
be downloaded from the following site.
http://backoffice.microsoft.com/downtrial/default.asp?product=14
• Run the downloaded program.
• Set the file destination for installation.
• Click “Finish” when the installation is done successfully.
Recommended Installation Sequence
Install Microsoft Windows NT Server 4.0 with IIS 2.0
Install Microsoft Windows NT Service Pack 4.
Install Microsoft Internet Explorer with Service Pack 1 (or
greater).
Install Windows NT Option Pack 4.0 and choose "Upgrade Plus"
(upgrades to IIS 4.0)
Reapply Microsoft Windows NT Service Pack 4.
Run Y2ksp4i.exe [Intel version] or Y2ksp4a.exe [Alpha version] if
Site Server Express and/or Microsoft Data Access Components
(MDAC) 2.0 Service Pack 1 is installed. An extensible firewall and
Web cache server that provides secure Internet access, while
improving network response time and efficiency.
Testing IIS Installation
To ensure proper installation of the Internet Information Server
(IIS), from the Windows NT Server, or a Windows NT Server with
IIS installed:
From the local machine's Start button, look under program groups
for an Internet Information Server group. Launch the Internet
Information Manager to confirm the server installation and check
to ensure that it is running.
The Start Menu illustrates the program groups installed on the
Windows NT Server, including the Internet Information Server
program items.
Testing IIS Installation
From a remote Windows NT Server, launch the IIS Manager, and
attempt to connect to the server by selecting the File, Connect to
Server option and specifying the Netbios computer name.
Use the IIS Manager Connect To Server dialog box to browse, or
type in the Web server to which you want to connect.
Internet Information Server
Running a Web site is easy with Microsoft® Windows NT® Server
and its built-in Web server, Internet Information Server (IIS).
IIS 4.0 provides the benefits of:
Integrated setup.
Flexible management.
Complete content control.
Configuration backup and restore.
Multiple web site hosting.
Network bandwidth allocation.
Familiar Windows NT Server administration tools.
Integrated Setup
An integrated setup wizard makes it easy to setup and install the
Web services and the various components that are part of the
Windows NT 4.0 Option Pack.
You simply check the items that you want to install, answer a few
questions, and the installation wizard installs the desired
configuration on the target machine.
When installing IIS 4.0 over the Internet, only the selected
components are downloaded to your local machine.
Integrated Setup
If you later decide to install other components, the installation
program will automatically download the additional compressed
component files and install them onto the machine.
You can automate the setup of IIS 4.0 to deploy it on many servers
without remaining at the computer and stepping through the
installation options.
An unattended installation script can build a machine from scratch
using Windows NT Server 4.0, the latest Service Pack, Internet
Explorer 4.0, and selected components of the Windows NT 4.0
Option Pack.
Internet Information Server
As part of the Windows NT 4.0 Option Pack, IIS 4.0 is
integrated with Windows NT as well as with a suite of Internet
and intranet products.
1. Industry-standard Internet based Protocol Services
2. Web application Development
3. Server administration
4. Security and Authentication
5. Content Management and Control
Internet Based Protocol Services
• HTTP 1.1 support:
Pipelining: Pipelining allows clients to send many requests
before receiving a response from the Web server, thereby
providing a performance boost.
Persistent Connections (Keep-Alive): When a browser
connects to a Web server and requests a page, a connection
is established with the server. Establishing and tearing down
connections is an expensive operation for the Web server,
client and network. By using persistent connections, a client
can use a single or reduced number of connections for
multiple requests.
Internet Based Protocol Services
• HTTP PUT and DELETE: With the PUT and DELETE
directives, users can post and delete files to and from a Web site.
• Transfer Chunk Encoding: Active Server Pages (ASP) now
supports the transfer encoding header, which lets the browser
know if a transformation has been applied to the body of the
page being sent.
• SMTP Mail: IIS now includes a Simple Mail Transfer
Protocol (SMTP) mail service that can send and receive SMTP
mail messages.
Internet Based Protocol Services
• NNTP Discussion Groups: IIS includes a Network News Transport
Protocol (NNTP) service with which local discussion groups can be
hosted on a single server. However, the IIS NNTP service does not
include support for news feeds or replication.
• RFC 1867 Support: Allows programmatic control of file uploads,
such as uploading content from a browser to the Web server. It
provides posting of files to a remote Web server from a Web browser.
• HTTP redirects: Allows administrators to redirect requests for files
to a different Web site, directory, or file. Requests can also be
redirected to applications.
Web Application Development
IIS offers a number of new technologies to make it easier to
create more robust, scalable Web applications.
Transactional ASP Pages: An ASP page and any components it
calls can now be part of a transaction managed by Microsoft
Transaction Server. If any portion of the script fails, the entire
transaction is aborted.
Web Application Development
Process Isolation: ASP and Internet Server API applications
can now run in processes separate from the main server
process. This process isolation prevents the possibility of an
error in one application affecting other applications on a site
or the server itself. If an application crashes, it is automatically
restarted with the next request, without an administrator
manually restarting the application or the server.
Message Queuing: IIS is now integrated with Microsoft
Message Queue Server (MSMQ). An ASP application can send
an MSMQ message to a remote source for deferred processing.
MSMQ messages can be grouped with other transacted work.
Web Application Development
Microsoft Script Debugger: You can use this tool to
interactively test ASP applications written in any Active
Scripting language, such as Visual Basic, Java or JScript.
IIS Admin Objects: IIS Admin Objects (IISAO) are
components that expose the administration properties of IIS.
COM logging interface: Developers can write Component
Object Model (COM) components that access IIS logging
capabilities to provide custom logging.
Web Application Development
Failover Clustering Support: It provides integration with the
clustering feature of Windows NT 4.0 Enterprise Edition.
Updated Java Virtual Machine: Provides developers with a
high-performance virtual machine for creating and running
Java components on the server.
Components Load and Unload: Provides Web developers with
the ability to dynamically load and unload Web application
components that run out of process without having to stop and
restart the Web servers.
Windows-based Administration
Microsoft Management Console (MMC) is a Windows-based
tool that enables the management of all Web services and
applications from a single window.
Reduce administration time by learning a single interface.
Add Snap-in components to manage additional services.
Snap-ins for WWW, FTP, SMTP, NNTP, Microsoft
Transaction Server and Microsoft Index Server services.
Create custom consoles and delegate certain administration
tasks while providing local and remote management
capabilities for a single Web server or a farm of Web servers.
Web-based Administration
An innovative Web-based administration tool designed using
Active Server Pages and JScript that can be viewed with any
browser supporting scripting and frames.
Administrators can manage their Web servers remotely over
the network using a standard Web browser. Internet Service
Providers (ISPs) who host many sites can provide their
customers with this rich tool for managing their Web sites
remotely from a Web browser. Because the HTML Administration
is built with Active Server Pages, the ASP files can be used as a
starting point for developing a customized administration
interface.
Windows NT Server
Administration Tools
What is a User?
A user is an individual or program whose transactions have
received a Security Token containing the transaction's
permissions, based on a user account's permissions. In more
detail, an individual accessing an NT Server either goes
through a logon process or utilizes the permissions of an
already running program, which has logged on on behalf of the
individual. During the logon, the NT Server authenticates
the individual or program against a user account and issues the
transactions conducted by that individual or program a
Security Token containing the transaction's permission level.
Windows NT Server
Administration Tools
Management tools are:
User Manager for Domains. Add a user to your system once
and provide access to file, print, Web, and application services
across all servers on your network. Single network logon
means the user only has to sign in once to access all the
services.
Performance Monitor. Performance Monitor is a powerful
tool for monitoring the performance of any Windows NT
Server on the network. IIS 4.0 includes counters for its HTTP
and indexing services to monitor the performance and load on
the server.
Windows NT Server
Administration Tools
Event Viewer. Event Viewer is the tool you use to monitor
various systems events on Windows NT Server. IIS takes full
advantage of the Event Viewer to log application and security
events pertaining to the Web server. Administrators can use
Event Viewer as a second log to audit access to secure files.
Server Administration
Multiple Web Site Support: With support for HTTP 1.1 host
header names, Web Site Operators, per-Web-site bandwidth
throttling, and enhanced HTML administration, IIS enables
organizations to host multiple departmental intranet sites and
enables ISPs to provide hosting services to multiple public
Internet sites.
Host Header Name Support: Through the use of HTTP 1.1
host header names, multiple Web sites can share the same IP
address.
Server Administration
Web Site Operators: Web Site Operators are a special group
that has limited administrative privileges on individual Web
sites. Operators can administer properties that affect only
their sites.
Bandwidth Throttling: Organizations and ISPs running more
than one site on IIS can throttle the bandwidth available to
each of the sites individually. Throttling bandwidth on
individual sites assures the bandwidth is available for all the
sites sharing the network bandwidth.
Server Administration
Remote HTML-based administration: IIS provides a Web-based
administration tool so that administrators can manage
their Web sites remotely using a standard Web browser.
Command line administration: Using the Windows Scripting
Host (WSH), administrators can automate the administration
tasks on the server using any scripting language supported by
ASP.
Server Administration
Microsoft Management Console: A new host environment
for "snap-in" administration tools.
Total Content Control: You can set most properties on a
per-file, per-directory, or per-site basis as well as globally for the
server.
Security
Security is vital for:
Application and database security
Electronic commerce
Business relationships and extranets
Communicating with customers
Security and Authentication
Client Authentication:
Secure Sockets Layer (SSL) 3.0 provides a secure way to
exchange information between clients and servers. Unlike
previous SSL implementations, SSL 3.0 provides a way for the
server to verify or authenticate who the client is without the
user having to log on to the server. In IIS 4.0, client certificates
are exposed to both ISAPI and ASP, so that programmers can
track users through their sites.
Security and Authentication
Certificate Server:
With the integrated Certificate Server, organizations can set up
certificate authorities and issue industry-standard X.509
digital certificates to clients.
Domain Blocking:
Using IP address and domain restrictions, administrators can
grant or deny access to any specific content based on the
domain name of the requester.
Content Management and Control
IIS 4.0 provides complete flexibility and control over the
property settings of the Web server and individual Web sites.
This flexibility gives many performance and management
benefits, allowing you to:
Exclude all image files from being logged. This will increase performance,
reduce the log file size and provide more accurate feedback on the number
of page hits on the site.
Require SSL 3.0 security setting on a specific directory rather than an
entire site. This will afford dramatic performance benefits while
maintaining secure connections on appropriate pages.
Set properties at the server level and have them automatically apply to
underlying directories and files on that server. This flexibility reduces the
number of redundant management tasks because you will not have to set
these properties individually.
Content Management and Control
Integrated Indexing and Searching:
With Microsoft Index Server, IIS provides full-text indexing of
HTML, Text, Microsoft Office, Adobe PDF, and other file
formats.
Content Ratings:
Administrators can add rating labels to Web page headers.
The default ratings are based on the Platform for Internet
Content Selection (PICS) ratings developed by the
Recreational Software Advisory Council (RSAC). Content is
rated according to levels of violence, nudity, sex, and offensive
language.
Content Management and Control
Content Expiration:
Content expiration labels give administrators the ability to
control the life of the content in the browser's cache.
Administrators can use this feature to prevent stale or
time-sensitive content from being stored for longer-than-necessary
periods on the client's system cache.
Document Footers:
Administrators can include footer information in an HTML
file that can be appended to the bottom of specified documents.
Content Management and Control
Custom HTTP Headers:
Administrators can add a custom HTTP header to a document
or group of documents.
One-to-one Content Replication:
Provides content managers with the ability to select an entire
content tree from one server and, with a single click of a
button, propagate the content to another server.
Content Management and Control
Custom Errors:
Using this feature, administrators can return a custom page or
run an application when a user encounters an error.
Microsoft Site Server Express:
It provides a subset of the functionality available in Microsoft
Site Server.
Configuration Backup and Restore
Provides a utility that saves configuration settings for all Web
sites, FTP sites, virtual directories and files that are
administered on the Web server. Multiple backups include all
the configuration settings and can be stored by name, version
number, and date for future restoration. To return to a
previous configuration state and override the current
configuration settings, an administrator simply selects one of
the previously saved configurations and clicks restore.
Configuration files can be copied to other servers using the
Content Replication Server, enabling a single staging server to
be managed and replicated to an entire server farm.
Hosting Multiple Web Sites
Until recently, having multiple Web sites on a single server
required each site to have a unique IP address. IIS 4.0 supports
the HTTP 1.1 host header standard that allows individual Web
sites on a single server to share a single IP address. Sharing an
IP address makes management easier and enables IIS to
support thousands of Web sites on a single server.
HTTP 1.1 is not yet supported by all browsers. IIS 4.0 provides
support for these users by optionally displaying a list of all the
Web sites on the server, and passing a cookie identifying the
selected site.
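Site selection by host header, with the cookie fallback for browsers that send no Host header, sketched as an added example (not code from the original presentation or from IIS). The site table, the cookie name SelectedSite, and the choice to reject a Host value that matches no configured site are assumptions of this sketch.

```python
# Constructed site table: host header name -> content root (hypothetical values).
SITES = {
    "sales.example.com": r"D:\InetPub\sales",
    "hr.example.com": r"D:\InetPub\hr",
}
SITE_COOKIE = "SelectedSite"  # hypothetical cookie name


def parse_headers(raw_request):
    """Return the request headers as a dict keyed by lowercased header name."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def cookie_value(headers, name):
    """Return the value of one cookie from the Cookie header, or None."""
    for part in headers.get("cookie", "").split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None


def select_site(raw_request, sites=SITES):
    """Return ("site", name), ("menu", [names]) or ("reject", None)."""
    headers = parse_headers(raw_request)
    host = headers.get("host")
    if host is not None:
        # Host names are case-insensitive and may carry a :port suffix
        # (IPv6 literals are not handled in this sketch).
        name = host.lower().split(":", 1)[0]
        if name in sites:
            return "site", name
        # Assumption: an unknown Host is refused rather than mapped to some site.
        return "reject", None
    # No Host header (older browser): honour the cookie only if it names a
    # configured site, because the cookie is client-supplied.
    chosen = cookie_value(headers, SITE_COOKIE)
    if chosen in sites:
        return "site", chosen
    # Otherwise show the list of sites so the user can pick one.
    return "menu", sorted(sites)
```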
Allocating Network Bandwidth
IIS 4.0 enables organizations running more than one site on
the Web server to throttle, or allocate, bandwidth used by
HTML files and graphics on each of the sites individually.
Sites that receive high traffic can be allocated more network
bandwidth than sites that receive less traffic. This eliminates
the competition for bandwidth that can often delay or deny
access on a busy network.