Your SlideShare is downloading. ×
Chapter13      Administering  Web  Resources
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Chapter13 Administering Web Resources

670
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
670
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
90
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Managing a Microsoft Windows Server 2003 Environment Chapter 13: Administering Web Resources
  • 2. Objectives
    • Install and configure Internet Information Services (IIS)
    • Create and configure Web-site virtual servers and virtual directories
    • Configure Web-site authentication
    • Configure and maintain FTP virtual servers
    • Update and maintain security for an IIS server
  • 3. Objectives (continued)
    • Create and modify Web folders
    • Install and use the Remote Administration (HTML) tools
    • Install and configure Web-based printing and printer management
    • Troubleshoot Web client-browser connectivity
  • 4. Installing and Configuring Internet Information Services
    • Current version is Internet Information Services (IIS) 6.0
    • IIS provides Web-related services that can be implemented to host a corporate intranet or to provide an Internet presence
  • 5. Installing and Configuring Internet Information Services (continued)
    • IIS has four main components:
      • World Wide Web (HTTP) services
      • File Transfer Protocol (FTP) services
      • Network News Transfer Protocol (NNTP) services
      • Simple Mail Transfer Protocol (SMTP) services
  • 6. Installing Internet Information Services
    • IIS 6.0 is not installed by default
    • Individual IIS components can be manually installed through the Add or Remove Programs applet in the Control Panel
  • 7. Installing Internet Information Services (continued)
  • 8. Activity 13-1: Installing Internet Information Services
    • Objective: To install IIS components
    • Start  Control Panel  Add or Remove Programs  Add/Remove Windows Components
    • Select and install individual components as directed
    • Note changes on the server, folders created during IIS installation, new accounts in Active Directory, operating system services, Web sharing feature
  • 9. Activity 13-2: Viewing System Changes after Installing IIS
    • Objective: To view the changes made to Windows Server 2003 after installing IIS
    • Open Active Directory and browse for the new accounts that have been added:
      • 2 new user accounts and 1 new group account
  • 10. Activity 13-2 (continued)
    • Browse various folders that contain files needed for IIS services and open the Services utility:
      • FTP Publishing Service
      • IIS Admin Service
      • Network News Transfer Protocol (NNTP)
      • Simple Mail Transfer Protocol (SMTP)
      • World Wide Web Publishing Service
    • Browse properties of a service
    • Stop a service and configure its startup options
  • 11. Architectural Changes in IIS 6.0
    • IIS 6.0 is similar to IIS 5.0 with Windows 2000
    • Changes relate to how processes are managed and maintained and updated metabase files
    • Metabase now stored in 2 standard XML files
      • MetaBase.xml and MBSchema.xml
        • Human-readable
        • Better read performance
        • Industry-standard data representation
        • Found in %systemroot%system32inetsrv
  • 12. Architectural Changes in IIS 6.0 (continued)
  • 13. Configuring Web Server Properties
    • Primary tool used for configuration of Web Server properties is IIS MMC snap-in
    • Available on Administrative Tools menu
    • Default sites and services include:
      • FTP Sites
      • Application Pools
      • Web Sites
      • Web Service Extensions
      • Default SMTP Virtual Server
      • Default NNTP Virtual Server
  • 14. Activity 13-3: Exploring the Internet Information Services MMC Snap-in
    • Objective: To explore the basic MMC snap-in console and navigation
    • Start  Administrative Tools  Internet Information Services (IIS) Manager
    • Explore the FTP Sites, Application Pools, Web Sites, Web Service Extensions, Default SMTP Virtual Server, and Default NNTP Virtual Server nodes
  • 15. Activity 13-3 (continued)
    • Using the IIS tool, master properties can be configured for Web and FTP sites from site-folder level
    • If an individual site is pre-configured when master properties are set, you are prompted whether or not to change the site settings
  • 16. Activity 13-4: Viewing and Configuring the Master Properties of the WWW Service
    • Objective: To explore the use of master properties through the configuration of the WWW service
    • From the open IIS Manager window, open the Web Sites folder properties
    • Configure the folder properties as directed
    • Test setting inheritance by viewing the Default Web Site properties
  • 17. Creating and Configuring Web-Site Virtual Servers
    • A virtual server is a unique Web site that behaves as if it were on a dedicated server
    • IIS can support many virtual servers on a single server
    • Configuration conflicts are avoided by identifying the IP address, TCP port, and host header name of each Web site and ensuring that the site is uniquely identified through these features
  • 18. Activity 13-5: Creating a New Web Site Using the Web Site Creation Wizard
    • Objective: To become familiar with the Web Site Creation Wizard
    • Change the port number of the Default Web Site as directed and verify the change
    • Create a new Web site using the Web Site Creation Wizard
    • Create a default HTML index page for the new site
  • 19. Activity 13-6: Creating a New Web Site Using the IISWEB.VBS Script
    • Objective: To explore using the IISWEB.VBS script as an alternative to the IIS tool for Web site creation
    • Start  Run  type cmd  OK
    • Make a new Web site home directory as directed
    • Run the IISWEB.VBS script as directed
    • Verify that the Web site has been created and configured correctly
  • 20. Modifying Web-Site Properties
    • Individual Web site parameters can be modified and fine-tuned through the site’s properties
    • Modifying an individual site’s properties does not affect any other sites
    • Modifying an individual site’s properties overrides any configurations set in the master properties at the server level
  • 21. Modifying Web-Site Properties (continued)
  • 22. Activity 13-7: Configuring Web-Site Properties
    • Objective: To explore and configure the available properties for an individual Web site
    • Open IIS and the Properties of the site to be configured
    • Configure settings as directed
    • Create an html file and configure it as a footer
    • Customize an error message
    • Verify the configured settings
  • 23. Creating Virtual Directories
    • A virtual directory points to a shared folder on the server
    • An alias name can be created
      • Hides the real directory name
      • Can simplify the path to the folder
    • Clients can access a virtual directory by appending the alias name to the Web-site host name
  • 24. Activity 13-8: Creating and Configuring a Virtual Directory
    • Objective: To familiarize students with the process of creating and configuring a virtual directory
    • Create and configure a new shared folder
    • Create a new index file for the Web site
    • Open and use the Virtual Directory Creation Wizard to create a virtual directory with an alias
    • Explore Properties and verify proper configuration of the site
  • 25. Configuring Authentication for Web Sites
    • Authentication is the determination of whether or not a user account has the proper permissions to access a resource such as a Web site
    • IIS provides five levels of authentication:
      • Anonymous access
      • Basic authentication
      • Digest authentication
      • Integrated Windows authentication
      • .NET Passport authentication
  • 26. Anonymous Access and Basic Authentication
    • Anonymous access
      • Users do not need to provide a user name and password
      • Uses the IUSR_servername user account to provide authentication credentials
    • Basic authentication
      • User is prompted to supply a user name and password
      • User needs a valid Windows Server 2003 user account
      • One drawback is that information is transmitted using unencrypted Base64 encoding (easy to hack)
  • 27. Digest Authentication and Integrated Windows Authentication
    • Digest authentication
      • Similar to basic authentication but hashes user name and password using MD5 algorithm
      • Has specific software and Active Directory requirements
    • Integrated Windows authentication
      • Does not prompt for password
      • Uses client’s logged on credentials
      • Used primarily for internal intranets, has specific permissions requirements
  • 28. .NET Passport Authentication and Multiple Authentications
    • .NET Passport authentication
      • New method currently in testing to use the .NET Passport service
      • Will require preproduction tests and a registration process
    • If multiple authentication methods are configured, specific rules apply concerning precedence and applicability
  • 29. Activity 13-9: Configuring and Testing Web-Site Authentication Options
    • Objective: To configure and compare two of the Web-site authentication options
    • Discover the current configuration using the IIS Manager tool
    • Explore the effect of the current configuration on Web-site access
    • Change the configuration and explore the effect of the change
  • 30. Configuring Server Certificates and Secure Sockets Layer
    • The Secure Sockets Layer (SSL) protocol encrypts Web traffic between a client and a Web server
    • Configured from the Directory Security tab of the properties of a Web site
    • Users access a secure server using https:// prefix
    • SSL requires a server certificate from a certificate authority or from installed certificate services
  • 31. Configuring FTP Virtual Servers
    • The File Transfer Protocol (FTP) is used for file transfers between computers running TCP/IP
    • FTP service is included with IIS 6.0
    • FTP uses two ports (TCP ports 20 and 21)
      • Port 21 carries connection initiation and diagnosis information
      • Port 20 carries data
    • FTP uses Transmission Control Protocol (TCP)
      • Connection-based protocol, session precedes data transfer
  • 32. File Transfer Protocol
    • Features of TCP include:
      • Sending computer waits for an acknowledgement and retransmits data if it is not received
      • Packets are assigned a sequence number
      • Packets contain a checksum for ensuring integrity
    • FTP requires a server running FTP server software and clients must run FTP client software
    • There are many free and shareware utilities that can be downloaded for running FTP
  • 33. Configuring FTP Properties
    • Multiple FTP sites can be configured on a single IIS 6.0 server
    • Each site operates independently and runs transparently
    • Each site has property sheets that can be customized independently
  • 34. Configuring FTP Properties (continued)
  • 35. Activity 13-10: Configuring and Testing the Default FTP Site
    • Objective: To become familiar with the process of configuring and testing an existing Web site
    • Open the IIS Manager tool and the Properties of the Default FTP Site
    • Browse and configure various settings of the site
    • Log on as an anonymous user to test the site configuration
  • 36. Activity 13-11: Creating and Testing a New FTP Site and Configuring a Virtual Directory
    • Objective: To create an FTP site that includes a virtual directory located on a different server
    • Create new folders for FTP site and configure permissions and IP address as directed
    • Use the FTP Site Creation Wizard to create a site
    • Use the Virtual Directory Creation Wizard to create a new virtual directory
    • Test the site by logging on and transferring a file
  • 37. Updating and Maintaining Security for an IIS Server
    • Sensitivity to security issues is always important for information published on the Internet
    • Issues of importance in security and maintenance for an IIS server:
      • Alternatives to securing access to information
      • Performing backups
      • Stopping and starting IIS related services
      • Applying updates
  • 38. Resource Permissions
    • Two types of permissions to secure Web resources
      • NTFS permissions
      • IIS permissions
    • The effective permission is always the most restrictive of configured permissions
    • NTFS permissions
      • Normal NTFS file permissions can be applied to Web pages and virtual directories
      • Can be assigned to users and groups individually
  • 39. Resource Permissions (continued)
    • IIS permissions
      • Always global
      • Can be configured for Web sites and FTP virtual servers, virtual directories, physical directories, files
      • Can set Read and/or Write permissions
      • Can set Execute permission if site contains scripts or executables
  • 40. Activity 13-12: Configuring IIS and NTFS Permissions
    • Objective: To explore the use of both IIS and NTFS permissions for protecting Web content
    • Open the IIS Manager tool and access the Properties of a Web site to configure IIS permissions
    • Test the IIS permissions as directed
    • Open the Properties of the Web content folder to configure NTFS permissions
    • Test the NTFS permissions as directed
  • 41. IP Address and Domain Name Security
    • Can secure Web content by controlling access based on the IP address of the client
    • Access can be explicitly granted or denied
    • Access can be controlled for a specific IP address or a range of IP addresses
  • 42. Activity 13-13: Testing IP Address Restrictions
    • Objective: To explore securing Web content using restrictions on IP addresses
    • Open the IIS Manager tool and the Properties of the Web site
    • From the Directory Security tab, edit the IP Address and Domain Name Restrictions to deny access to a specific IP address
    • Test the restrictions as directed
  • 43. Starting and Stopping Services and Backing UP the IIS Configuration
    • IIS 6.0 allows you to start and stop services through the IIS console
    • IIS 6.0 stores configuration settings in the IIS metabase that can be backed up
      • Using the Backup utility in the IIS console
      • By copying contents of the backup directory to a folder
      • By exporting contents using the metabase editor
      • By using the IISBACK.VBS script
      • By backing up System State data using Backup utility
  • 44. Activity 13-14: Backing Up the IIS Configuration
    • Objective: To explore the use of the backup and restore facilities of IIS
    • Open the IIS Manager tool and Backup/Restore Configuration facility for the server
    • Create a backup as directed
    • Verify the backup
    • Restore the metabase from the backup as directed
  • 45. Updating IIS 6.0
    • Common updates to IIS are service packs and hot fixes
    • Before updating, perform a full backup of server
    • Updates are often released to fix security issues
    • Microsoft Baseline Security Analyzer helps determine which IIS hot fixes are installed
  • 46. Creating and Modifying Web Folders
    • A Web folder is a shared folder designed to be accessed using HTTP or FTP
    • Use the Web Sharing tab of the folder Properties to configure the folder
    • Web folders can use an alias name
      • The Edit Alias dialog box allows you to set the name, access permissions, and application permissions
    • Network clients can open a Web-based file using
      • Internet Explorer, My Network Places, Microsoft Office XP
  • 47. Activity 13-15: Configuring Web Folders and Exploring Access Methods
    • Objective: To become familiar with configuring and accessing a Web shared folder
    • Create a new folder and file
    • Configure the folder using the Web Sharing tab of the folder’s Properties
    • Open the IIS Manager tool and verify that the virtual directory appears
    • Open Internet Explorer to examine the folder and file
  • 48. Installing and Using Remote Administration (HTML) Tools
    • Remote Administration (HTML) tools support the ability to manage IIS servers remotely via a Web browser interface
    • On Windows Server 2003, these tools are not installed by default
    • Tools must added manually via the Add/Remove Windows Components feature of Control Panel
  • 49. Activity 13-16: Install and Explore the Remote Administration (HTML) Tools
    • Objective: To explore the installation process and to examine various settings from Internet Explorer
    • Start  Control Panel  Add or Remove Programs  Add/Remove Windows Components
    • Install the tools as directed
    • Open Internet Explorer, configure the site, and connect to the Remote Administration Web site
    • Browse the site as directed
  • 50. Installing and Configuring Internet Printing
    • Internet Printing Protocol (IPP)
      • Allows printers to be managed via a Web browser
      • Allows clients to send print jobs using HTTP
    • Requires the installation of IIS and the Internet Printing component
    • Internet Printing requires that the Internet Printing Web Service Extension and the Active Server Pages Extension be explicitly enabled
  • 51. Activity 13-17: Configuring and Managing Internet Printing
    • Objective: to explore Internet Printing settings, manage printers from IE, and install a printer to use Internet Printing
    • Use the IIS Manager tool to configure Internet Printing on the server
    • Use Internet Explorer to view printers and their properties
    • Install a printer to use Internet Printing and verify that the printer port is configured correctly
  • 52. Troubleshooting Web Client Connectivity Problems
    • Client access problems are not uncommon
    • If a user is unable to access an IIS Server
      • Check TCP/IP configuration settings, proxy settings, connections, set up error messages, use a protocol analyzer
    • If a user is unable to access a Web or FTP site
      • Check permissions, authentication methods, IP address and domain name restrictions, connection limits, port numbers, user accounts, invalid cached DNS information
  • 53. Summary
    • Internet Information Services (IIS) 6.0 is an application in Windows Server 2003 used to develop and host Web- and FTP-based services
    • Four main components to IIS: World Wide Web (HTTP), File Transfer Protocol (FTP), Network News Transfer Protocol (NNTP), and Simple Main Transfer Protocol (SMTP) services
    • IIS components must be manually installed
  • 54. Summary (continued)
    • IIS configuration information is stored in two XML files known as the metabase
    • The IIS MMC snap-in (the IIS Manager tool) is the primary tool for IIS configuration
    • Virtual servers are unique Web or FTP sites that behave as though they are on dedicated servers
    • IIS provides five levels of authentication to validate users trying to access a Web site
    • Web communications can be encrypted using the Secure Sockets Layer (SSL) protocol
  • 55. Summary (continued)
    • To maintain an IIS server, an administrator should use security features, perform backups, start and stop IIS services, and apply updates
    • Remote Administration (HTML) tools are used to manage IIS 6.0 servers remotely
    • The Internet Printing Protocol (IPP) allows printers to be managed via Web browser and allows clients to sent print jobs using HTTP
    • Configurations can cause user access problems to either an IIS Server or a Web or FTP site, note the things to check first