Chapter 13
-
Upload
cameroon45 -
Category
Technology
-
view
283 -
download
2
description
Transcript of Chapter 13
Ch 13 - Adminstering Web Resources 1
Ch. 13 – Administering Web Resources
MIS 431 – Created Spring 2006
Ch 13 - Adminstering Web Resources 2
This is the Big Deal with Servers!
Install and configure IIS – Internet Info Services Create/configure web site virtual servers and virtual
directories Configure web site authentication Install and maintain FTP virtual servers Update and maintain IIS security Create and modify web folders Install and user Remote Installation tools Install and configure web based printing Troubleshoot web client browser connectivity Customize HTTP error messages for your server
Ch 13 - Adminstering Web Resources 3
IIS 6.0 Components: major league!
Basic Services World Wide Web service (HTTP) File Transport Protocol service (FTP) Network News Transport service (NNTP) Simple Mail Transport Protocol service
(SMTP) FrontPage Server Extensions
Cost: free – built into WS03 Fast – handles many users simultaneously ODBC interface to databases
Ch 13 - Adminstering Web Resources 4
More About IIS as a Service
When you install IIS, service starts automatically when the server boots Can control web server, FTP server, SMTP,
NNTP separately at start up time Can check
Ch 13 - Adminstering Web Resources 5
Installing IIS
Implementation type Internet server Intranet server (very cool-works same way)
Be careful – you can install things that may cause an attack from the Internet based on new services that appear (e.g., port 80)
Built into WS03 – Start | Control Panel | Add/Remove Programs Click Add/Remove Windows Components Choose Application Services, then Details for IIS
pieces; continue to drill down when grayed out
Ch 13 - Adminstering Web Resources 6
Installing IIS, contd.
Minimum services to check Common Files File Transfer Protocol Service (read only) Internet Information Services Manager World Wide Web Service
Optional Parts Internet Printing – you know this one NNTP Service – network news groups SMTP Service – outbound e-mail server
Ch 13 - Adminstering Web Resources 7
Anonymous Access
Anonymous Access sets up the ability for any user to view a web site (or FTP site) System creates an AD user account called
IUSR_servername for anonymous access Other system accounts are likewise created
Absence of this feature requires the user to authenticate before they can view a page Hint: this is necessary for some of your web
folders, so prepare a security plan to accommodate those areas
Ch 13 - Adminstering Web Resources 8
IIS 6.0 Changes over IIS 5.0
Visually, they look the same and are basically managed the same way
Internal changes How processes are handled by IIS Metabase configuration information stored in
XML files – easier for a human to read/debug
Ch 13 - Adminstering Web Resources 9
Configuring the Web Server
Start the IIS MMC – can find in Computer Management (look under Services) Its own MMC (in Administrative Tools) Build a custom MMC (Start | Run | MMC, then add….)
Use Remote Administration (only if installed) Can administer from any web browser using port 8099 Uses port 8098 to create a secure connection through
the Internet (but need to work with security for https) https://127.0.0.1:8098 from the server itself https://139.102.31.nn:8098 from another client
Useful if you don’t have Terminal Services on the client computer you are using or a slow dial-up connection
Ch 13 - Adminstering Web Resources 10
IIS Snap-In (MMC)
See Fig 13-5 for IIS Manager. Left pane includes … (also see next slide) FTP Sites Application Pools Web Sites Web Service Extensions Default SMTP Virtual Server Default NNTP Virtual Server
Click + in front of a line to see contents
Ch 13 - Adminstering Web Resources 11
IIS Manager WindowName of server
Ch 13 - Adminstering Web Resources 12
IIS Manager, contd.
Rt click a web site and choose Properties Web site properties (see Fig 13-7 p.522) tabs
Web Site – identification (name), logging Performance - ISAPI Filters Home Directory – where on server files are stored Documents – if file is listed, no need to type in URL Directory Security – allow anonymous access? HTTP Headers Custom Errors – name of HTML file with custom error Service
Ch 13 - Adminstering Web Resources 13
Default Web Site Properties
Web Site Tabs
Ch 13 - Adminstering Web Resources 14
IIS Web Site Tab
Description – Default Web Site (or other name) IP Address – can add multiple IP addresses Ports – TCP default is 80, SSL assignable Advanced – used for setting up alternate name web
site (host header feature) Connections – for setting limits. (Also see
Performance tab) Enable Logging – who has been here
Web and FTP server logs by day or other time Can choose what information to keep
Ch 13 - Adminstering Web Resources 15
IIS Home Directory Tab
Gives location and name of the web site on this server or a share on another computer
c:\inetpub\wwwroot (in this case) or redirected to a URL Access rights: read, write, directory browsing,
script source access, log visits Execute permissions: none, script only, or
scripts and executables
Ch 13 - Adminstering Web Resources 16
IIS Documents Tab
Which documents are loaded if no file name appears at the end of the user’s URL http://misnt.indstate.edu/ ______
Common: default.htm, default.asp, index.htm, index.html, home.htm Also choose the priority order
Can add a footer to end of every web page Ex: copyright section and for more information section Saves time and allows it to be changed at server level
just once (server-side include) rather than each document
Ch 13 - Adminstering Web Resources 17
IIS Directory Security Tab
Anonymous access allowed? If yes, what authentication? (clear text or
Windows which requires IE browser)\ IP address and domain restrictions: eliminate
known hackers from gaining access to the web server’s pages
Set up secure communications with digital certificates
Ch 13 - Adminstering Web Resources 18
IIS HTTP Headers Tab
Enable content expiration If page is beyond elapsed content time, it will fetch a
new page from the hard drive rather than the server’s disk cache
Establish content rating Custom HTTP headers (information returned to the
client’s browser when requested) Configure additional MIME (multipurpose Internet
mail exchange) file types Tells server how to handle files received from a server
Ch 13 - Adminstering Web Resources 19
IIS Custom Errors Tab
Gives name of each file for server errors C:\winnt\help\iisHelp\common\404c.htm for the
404 Error – File Not Found Can modify this file or substitute your own file
for this http://misnt.indstate.edu/bruce
You are asked to create a custom error file in the next project
Ch 13 - Adminstering Web Resources 20
IIS Server Extensions Tab
FrontPage installs this automatically when installed on the server Also available from the Windows Add/In Tools
Lets you configure the server extensions Author the root web? Can prevent changes Specify how mail is sent (e.g., web form
notice) Security settings
Ch 13 - Adminstering Web Resources 21
Other IIS Features
Set these features by selecting the Default Web Site, rt-click and choosing Properties Lower level webs inherit default settings You can set properties of lower level webs
independently – e.g., make certain webs not have anonymous access, requiring authentication
Ch 13 - Adminstering Web Resources 22
IIS Server Extensions
Used to activate certain server features FrontPage can manage files without FTP
(e.g., click Save button and drag-and-drop) Administer webs with FrontPage Allow certain active content such as hit
counter, hover buttons, email web form handling, interactive discussion groups, etc.
MS also has Server Extensions for other operating systems and other web server SW
Ch 13 - Adminstering Web Resources 23
Creating Virtual Web Sites
IIS has the ability to host a number of web sites or virtual servers on a single server
Procedure to create a virtual web site: Identify the IP address of new web site Identify the TCP port of the new web site If you have multiple virtual servers responding to the
same IP address, identify the host header name of the new web site (cool!)
E.g., 139.102.31.12 is misnt.indstate.edu and virtualmisnt.indstate.edu and you distinguish not in the DNS (both are 31.12) but in host header name
Ch 13 - Adminstering Web Resources 24
Virtual Directories (e.g., web folders)
Can have information stored on servers throughout the organization and have this information appear on your web server Essentially, create an alias for the remote folder and
append that to the normal URL Can refer to it as www.dovercorp.com/customers
Procedure Create the remote folder and add HTML file(s) In IIS, create New virtual directory in web site Provide share name \\serverXX\virtualdirectory as path Give it the alias name, and finish.
Ch 13 - Adminstering Web Resources 25
Server Certificates and SSL
Implement SSL in Directory Security tab to encrypt traffic between clients and server https:// is designation for this protocol Look for closed padlock icon in browser Uses TCP port 443 by default Requires a digital certificate be installed on
your server: www.verisign.com See handout on SSL concepts placed in your
discussion group mailbox.
Ch 13 - Adminstering Web Resources 26
FTP Servers
FTP is used to transfer files between two computers running TCP/IP Breaks the files into packets that can be
transferred, then reassembled into order at the destination and the file saved
Checks for accuracy, so these transfers are error free (part of the protocols used)
FTP server should NOT have anonymous access and Write privilege unless you have set strict quota limits
Ch 13 - Adminstering Web Resources 27
FTP Properties
See fig 13-22 p. 543 for standard Properties dialog box. Standard tabs: FTP Site: name, port (21), IP address,
connection limits, logging Security Accounts: anonymous access? Messages: welcome and exit messages
displayed to users of the site Home Directory: where the site is located Directory Security: who can/can’t use the site
Ch 13 - Adminstering Web Resources 28
Etc.
There are some miscellaneous topics at the end of the chapter – take a look
FrontPage Extensions – allows security to be established via FrontPage client