Ch 13 - Adminstering Web Resources1 Ch. 13 – Administering Web Resources MIS 431 – Created Spring 2006

Ch 13 - Adminstering Web Resources 1

Ch. 13 – Administering Web Resources

MIS 431 – Created Spring 2006


This is the Big Deal with Servers!

Install and configure IIS – Internet Info Services Create/configure web site virtual servers and virtual

directories Configure web site authentication Install and maintain FTP virtual servers Update and maintain IIS security Create and modify web folders Install and user Remote Installation tools Install and configure web based printing Troubleshoot web client browser connectivity Customize HTTP error messages for your server


IIS 6.0 Components: major league!

Basic Services World Wide Web service (HTTP) File Transport Protocol service (FTP) Network News Transport service (NNTP) Simple Mail Transport Protocol service

(SMTP) FrontPage Server Extensions

Cost: free – built into WS03 Fast – handles many users simultaneously ODBC interface to databases


More About IIS as a Service

When you install IIS, service starts automatically when the server boots Can control web server, FTP server, SMTP,

NNTP separately at start up time Can check


Installing IIS

Implementation type Internet server Intranet server (very cool-works same way)

Be careful – you can install things that may cause an attack from the Internet based on new services that appear (e.g., port 80)

Built into WS03 – Start | Control Panel | Add/Remove Programs Click Add/Remove Windows Components Choose Application Services, then Details for IIS

pieces; continue to drill down when grayed out


Installing IIS, contd.

Minimum services to check Common Files File Transfer Protocol Service (read only) Internet Information Services Manager World Wide Web Service

Optional Parts Internet Printing – you know this one NNTP Service – network news groups SMTP Service – outbound e-mail server


Anonymous Access

Anonymous Access sets up the ability for any user to view a web site (or FTP site) System creates an AD user account called

IUSR_servername for anonymous access Other system accounts are likewise created

Absence of this feature requires the user to authenticate before they can view a page Hint: this is necessary for some of your web

folders, so prepare a security plan to accommodate those areas


IIS 6.0 Changes over IIS 5.0

Visually, they look the same and are basically managed the same way

Internal changes How processes are handled by IIS Metabase configuration information stored in

XML files – easier for a human to read/debug


Configuring the Web Server

Start the IIS MMC – can find in Computer Management (look under Services) Its own MMC (in Administrative Tools) Build a custom MMC (Start | Run | MMC, then add….)

Use Remote Administration (only if installed) Can administer from any web browser using port 8099 Uses port 8098 to create a secure connection through

the Internet (but need to work with security for https) https://127.0.0.1:8098 from the server itself https://139.102.31.nn:8098 from another client

Useful if you don’t have Terminal Services on the client computer you are using or a slow dial-up connection


IIS Snap-In (MMC)

See Fig 13-5 for IIS Manager. Left pane includes … (also see next slide) FTP Sites Application Pools Web Sites Web Service Extensions Default SMTP Virtual Server Default NNTP Virtual Server

Click + in front of a line to see contents


IIS Manager WindowName of server


IIS Manager, contd.

Rt click a web site and choose Properties Web site properties (see Fig 13-7 p.522) tabs

Web Site – identification (name), logging Performance - ISAPI Filters Home Directory – where on server files are stored Documents – if file is listed, no need to type in URL Directory Security – allow anonymous access? HTTP Headers Custom Errors – name of HTML file with custom error Service


Default Web Site Properties

Web Site Tabs


IIS Web Site Tab

Description – Default Web Site (or other name) IP Address – can add multiple IP addresses Ports – TCP default is 80, SSL assignable Advanced – used for setting up alternate name web

site (host header feature) Connections – for setting limits. (Also see

Performance tab) Enable Logging – who has been here

Web and FTP server logs by day or other time Can choose what information to keep


IIS Home Directory Tab

Gives location and name of the web site on this server or a share on another computer

c:\inetpub\wwwroot (in this case) or redirected to a URL Access rights: read, write, directory browsing,

script source access, log visits Execute permissions: none, script only, or

scripts and executables


IIS Documents Tab

Which documents are loaded if no file name appears at the end of the user’s URL http://misnt.indstate.edu/ ______

Common: default.htm, default.asp, index.htm, index.html, home.htm Also choose the priority order

Can add a footer to end of every web page Ex: copyright section and for more information section Saves time and allows it to be changed at server level

just once (server-side include) rather than each document


IIS Directory Security Tab

Anonymous access allowed? If yes, what authentication? (clear text or

Windows which requires IE browser)\ IP address and domain restrictions: eliminate

known hackers from gaining access to the web server’s pages

Set up secure communications with digital certificates


IIS HTTP Headers Tab

Enable content expiration If page is beyond elapsed content time, it will fetch a

new page from the hard drive rather than the server’s disk cache

Establish content rating Custom HTTP headers (information returned to the

client’s browser when requested) Configure additional MIME (multipurpose Internet

mail exchange) file types Tells server how to handle files received from a server


IIS Custom Errors Tab

Gives name of each file for server errors C:\winnt\help\iisHelp\common\404c.htm for the

404 Error – File Not Found Can modify this file or substitute your own file

for this http://misnt.indstate.edu/bruce

You are asked to create a custom error file in the next project


IIS Server Extensions Tab

FrontPage installs this automatically when installed on the server Also available from the Windows Add/In Tools

Lets you configure the server extensions Author the root web? Can prevent changes Specify how mail is sent (e.g., web form

notice) Security settings


Other IIS Features

Set these features by selecting the Default Web Site, rt-click and choosing Properties Lower level webs inherit default settings You can set properties of lower level webs

independently – e.g., make certain webs not have anonymous access, requiring authentication


IIS Server Extensions

Used to activate certain server features FrontPage can manage files without FTP

(e.g., click Save button and drag-and-drop) Administer webs with FrontPage Allow certain active content such as hit

counter, hover buttons, email web form handling, interactive discussion groups, etc.

MS also has Server Extensions for other operating systems and other web server SW


Creating Virtual Web Sites

IIS has the ability to host a number of web sites or virtual servers on a single server

Procedure to create a virtual web site: Identify the IP address of new web site Identify the TCP port of the new web site If you have multiple virtual servers responding to the

same IP address, identify the host header name of the new web site (cool!)

E.g., 139.102.31.12 is misnt.indstate.edu and virtualmisnt.indstate.edu and you distinguish not in the DNS (both are 31.12) but in host header name


Virtual Directories (e.g., web folders)

Can have information stored on servers throughout the organization and have this information appear on your web server Essentially, create an alias for the remote folder and

append that to the normal URL Can refer to it as www.dovercorp.com/customers

Procedure Create the remote folder and add HTML file(s) In IIS, create New virtual directory in web site Provide share name \\serverXX\virtualdirectory as path Give it the alias name, and finish.


Server Certificates and SSL

Implement SSL in Directory Security tab to encrypt traffic between clients and server https:// is designation for this protocol Look for closed padlock icon in browser Uses TCP port 443 by default Requires a digital certificate be installed on

your server: www.verisign.com See handout on SSL concepts placed in your

discussion group mailbox.


FTP Servers

FTP is used to transfer files between two computers running TCP/IP Breaks the files into packets that can be

transferred, then reassembled into order at the destination and the file saved

Checks for accuracy, so these transfers are error free (part of the protocols used)

FTP server should NOT have anonymous access and Write privilege unless you have set strict quota limits


FTP Properties

See fig 13-22 p. 543 for standard Properties dialog box. Standard tabs: FTP Site: name, port (21), IP address,

connection limits, logging Security Accounts: anonymous access? Messages: welcome and exit messages

displayed to users of the site Home Directory: where the site is located Directory Security: who can/can’t use the site


Etc.

There are some miscellaneous topics at the end of the chapter – take a look

FrontPage Extensions – allows security to be established via FrontPage client