1 / 56

Chapter Fourteen Administering Web Access

70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003. Chapter Fourteen Administering Web Access. Objectives. Install and configure Internet Information Services (IIS)

garret
Download Presentation

Chapter Fourteen Administering Web Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Fourteen Administering Web Access

  2. Objectives • Install and configure Internet Information Services (IIS) • Create and configure Web site virtual servers and virtual directories • Configure Web site authentication Guide to MCSE 70-270, 70-290

  3. Objectives (continued) • Configure and maintain FTP virtual servers • Update and maintain security for IIS servers • Use IIS to enable access to network resources • Troubleshoot Web client-browser connectivity Guide to MCSE 70-270, 70-290

  4. Installing and Configuring Internet Information Services • Internet Information Services (IIS) 6.0: Provides Web-related services from Windows Server 2003 or XP Professional • Limited functionality on XP Professional • Four main components: • World Wide Web (HTTP) Service • File Transfer Protocol (FTP) Service • Network News Transfer Protocol (NNTP) Service • Simple Mail Transfer Protocol (SMTP) Service Guide to MCSE 70-270, 70-290

  5. Installing and Configuring Internet Information Services (continued) • Benefits of intranet to organization’s employees: • Interactive online company resources • Team collaboration using various applications • Web-based applications to assist employees • Benefits of Internet site to organization’s customers: • Additional customer service • Order products and track shipping progress online • Dynamic company information and news bulletins Guide to MCSE 70-270, 70-290

  6. Installing Internet Information Services Table 14-1: Internet Information Services components Guide to MCSE 70-270, 70-290

  7. Installing Internet Information Services (continued) • Activity 14-1: Installing IIS Components • Objective: Install Internet Information Services components • Important to understand location and purpose of folders IIS creates during installation • Default FTP Site: Holds files that FTP server uses to respond to TCP/IP port 21 • Default Web Site: Holds files that Web server uses to respond to TCP/IP port 80 Guide to MCSE 70-270, 70-290

  8. Installing Internet Information Services (continued) Table 14-2: IIS folder structure Table 14-3: User and group accounts created during IIS installation Guide to MCSE 70-270, 70-290

  9. Installing Internet Information Services (continued) • Services available after IIS installation: • FTP Publishing Service • IIS Admin Service • Network News Transfer Protocol (NNTP) Service • Simple Mail Transfer Protocol (SMTP) Service • World Wide Web Publishing Service • Installing IIS enables you to use Web Sharing to make files and folders available via HTTP Guide to MCSE 70-270, 70-290

  10. Architectural Changes in IIS 6.0 • IIS 6.0 provides a number of changes since IIS 5.0 • Most relate to management and maintenance of processes • Metabase: Storage location for IIS configuration information • MetaBase.xml • MBSchema.xml Guide to MCSE 70-270, 70-290

  11. Architectural Changes in IIS 6.0 (continued) Table 14-4: IIS 6.0 process management and administration features Guide to MCSE 70-270, 70-290

  12. Configuring Web Server Properties Figure 14-5: The Internet Information Services (IIS) Manager console Guide to MCSE 70-270, 70-290

  13. Configuring Web Server Properties (continued) • Activity 14-3: Exploring the IIS Manager Snap-in • Objective: Explore the IIS Manager snap-in Figure 14-6: Viewing the status of Web Service Extensions Guide to MCSE 70-270, 70-290

  14. Configuring Web Server Properties (continued) • Master properties: IIS settings configured at site-folder level • Can be inherited by all Web or FTP sites hosted on server • Any configuration settings changed at site, folder, or file level override master properties • Activity 14-4: Viewing and Configuring the Master Properties of the WWW Service • Objective: Configure the master properties of the WWW Service Guide to MCSE 70-270, 70-290

  15. Configuring Web Server Properties (continued) Figure 14-7: Viewing master property settings Guide to MCSE 70-270, 70-290

  16. Creating and Configuring Web Site Virtual Servers and Virtual Directories • Virtual server: Unique Web site that behaves as though it were on own dedicated server • IIS can host multiple virtual servers on a server • Considerations when configuring site(s): • Identify IP address to which Web site responds • Identify TCP port to which Web site responds • If multiple virtual servers responding to same IP address, identify host header name to which new Web site responds Guide to MCSE 70-270, 70-290

  17. Creating and Configuring Web Site Virtual Servers and Virtual Directories (continued) • Three ways to ensure each Web site is unique: • Use separate IP address to distinguish each Web site • Use single IP address with specific port number for each Web site • Use single IP address with multiple host headers representing each Web site • Activity 14-5: Creating a New Web Site with the Web Site Creation Wizard • Objective: Create a new Web site with the Web Site Creation Wizard Guide to MCSE 70-270, 70-290

  18. IIS Command-line Utilities • Web Site Creation Wizard gives simple, step-by-step way to create/configure Web sites • Microsoft includes variety of VBScripts for automating IIS configuration tasks • Iisweb.vbs command-line script: Sets up directory structure and some IIS configuration files • Specify only basic properties needed to create the site and identify contents Guide to MCSE 70-270, 70-290

  19. IIS Command-line Utilities (continued) • Iisweb.vbs script options and switches: • Path • SiteName • /b Port • /i IPaddress • /d HostHeader • /dontstart • /s Computer • /u [Domain\]User • /p Password Guide to MCSE 70-270, 70-290

  20. IIS Command-line Utilities (continued) • Activity 14-6: Creating a New Web Site with the Iisweb.vbs Script • Objective: Create a new Web site by using a script instead of the IIS Manager console Figure 14-11: Using the Iisweb.vbs script to create a Web site Guide to MCSE 70-270, 70-290

  21. Modifying Web Site Properties Figure 14-13: The Default Web Site Properties dialog box Guide to MCSE 70-270, 70-290

  22. Modifying Web Site Properties (continued) Table 14-5: Web site properties tabs Guide to MCSE 70-270, 70-290

  23. Modifying Web Site Properties (continued) • Activity 14-7: Configuring Web Site Properties • Objective: Configure properties for an individual Web site Figure 14-14: The Custom Errors tab Guide to MCSE 70-270, 70-290

  24. Creating Virtual Directories • May have information stored on multiple servers throughout organization • If this information will be included in a Web site, can create a virtual directory that specifically points to the shared folder storing the data • Clients access information by adding virtual directory’s alias name to end of Web site host name • Activity 14-8: Creating and Configuring a Virtual Directory • Objective: Create and configure a virtual directory Guide to MCSE 70-270, 70-290

  25. Creating Virtual Directories (continued) Figure 14-16: Viewing the properties of a virtual directory Guide to MCSE 70-270, 70-290

  26. Installing and Using Remote Administration (HTML) Tools • After installation, can use these tools to manage IIS 6.0 servers and a variety of system elements via a Web browser • Including network settings, disk quotas, and more • Activity 14-9: Install and Explore the Remote Administration (HTML) Tools • Objective: Install and explore the Remote Administration (HTML) tools to manage your server Guide to MCSE 70-270, 70-290

  27. Installing and Using Remote Administration Tools (continued) Figure 14-17: Installing Remote Administration (HTML) tools for IIS Guide to MCSE 70-270, 70-290

  28. Configuring Authentication for Web Sites • Authentication: Determining whether user has valid user account with necessary permissions to access a resource • Five levels of IIS authentication: • Anonymous access: Allows access to Web site without user name and password • Basic authentication: User enters user name and password • No encryption Guide to MCSE 70-270, 70-290

  29. Configuring Authentication for Web Sites (continued) Figure 14-19: The Authentication Methods dialog box Guide to MCSE 70-270, 70-290

  30. Configuring Authentication for Web Sites (continued) • Five levels of IIS authentication (continued): • Digest authentication: Similar to Basic authentication, but user name/password hashed with MD5 algorithm • Integrated Windows authentication: Uses client’s currently logged-on credentials to supply a challenge-response to the Web server • .NET Passport authentication: Allows Web site to use functionality of .NET Passport service to authenticate users Guide to MCSE 70-270, 70-290

  31. Configuring Authentication for Web Sites (continued) • Five levels of IIS authentication (continued): • If multiple authentication methods are configured, following rules apply: • If anonymous access and one other authentication method selected, other method applies only if anonymous access fails • FTP sites cannot use Digest, Integrated Windows, or .NET Passport authentication • Digest and Integrated Windows authentication take precedence over Basic authentication Guide to MCSE 70-270, 70-290

  32. Configuring Authentication for Web Sites (continued) • Activity 14-10: Configuring and Testing Web Site Authentication Options • Objective: Configure Web site authentication options Figure 14-20: The warning message for selecting Basic authentication Guide to MCSE 70-270, 70-290

  33. Configuring Server Certificates and Secure Sockets Layer • Can use Directory Security tab to configure secure Web communications by implementing Secure Sockets Layer (SSL) protocol • Encrypts Web traffic between client and server • To use SSL on a Web Server: • Obtain and install a server certificate • For Web sites accessible to general public, should obtain certificate from a recognized CA • Enable Web site for SSL Guide to MCSE 70-270, 70-290

  34. Configuring Server Certificates and Secure Sockets Layer (continued) Figure 14-22: The IIS Certificate Wizard Guide to MCSE 70-270, 70-290

  35. Configuring Server Certificates and Secure Sockets Layer (continued) Figure 14-23: Enabling a Web site for SSL Guide to MCSE 70-270, 70-290

  36. Configuring FTP Virtual Servers • File Transfer Protocol (FTP): Used to transfer files between two computers running TCP/IP • Must have server and client relationship • Installing FTP Service on IIS 6.0 enables Windows Server 2003 computer to use FTP to transfer files to and from users running FTP client software • FTP client software provided via command line tool or via Web browser Guide to MCSE 70-270, 70-290

  37. File Transfer Protocol • Industry-standard method of transferring files between two hosts running TCP/IP • Uses TCP ports 20 and 21 • Important feature of TCP: • Sending computer sends many packets at once, then waits for acknowledgment that data received • If no acknowledgement, data retransmitted • Packets at sending computer assigned sequence number so receiving computer can reassemble data • Packets contain checksum to ensure data integrity Guide to MCSE 70-270, 70-290

  38. Configuring FTP Properties • Can configure multiple FTP sites running on single IIS 6.0 server • General-purpose Default FTP Site created during IIS installation • Can use Directory Security tab to restrict access based on IP address • Activity 14-11: Configuring and Testing the Default FTP Site • Objective: Configure and test the Default FTP Site Guide to MCSE 70-270, 70-290

  39. Configuring FTP Properties (continued) Table 14-6: FTP site properties tabs Guide to MCSE 70-270, 70-290

  40. Configuring FTP Properties (continued) Figure 14-26: FTP site security settings Guide to MCSE 70-270, 70-290

  41. Creating an FTP Site Virtual Server • Can create new FTP sites using IIS Manager console or scripts • Can create virtual directories that can be both local and remote to the IIS server • Activity 14-12: Creating a New FTP Site • Objective: Create a new FTP site • Activity 14-13: Configuring and Testing an FTP Virtual Directory • Objective: Configure and test an FTP virtual directory Guide to MCSE 70-270, 70-290

  42. Updating and Maintaining Security for an IIS Server: Resource Permissions • NTFS Permissions: Control access to Web server resources stored on an NTFS volume • IIS Permissions: Can be configured for Web sites and FTP virtual servers, virtual directories, physical directories, and files • Two primary types: read and write permission • Activity 14-14: Configuring IIS and NTFS Permissions • Objective: Protect Web site resources by using both IIS and NTFS permissions Guide to MCSE 70-270, 70-290

  43. IP Address and Domain Name Security • Can secure Web content by granting or denying access based on IP address or domain name • Single address or range of addresses • Activity 14-15: Testing IP Address Restrictions • Objective: Test the ability to control Web site access by IP address Guide to MCSE 70-270, 70-290

  44. Starting and Stopping Services • Can stop and restart services and individual sites in IIS Manager console • To stop IIS on a Web or FTP site, expand Web Sites or FTP Sites in IIS Manager console, right-click site to stop, click Stop option • To restart entire IIS server, right-click IIS server name in IIS Manager console, click All Tasks, click Restart IIS Guide to MCSE 70-270, 70-290

  45. Backing Up the IIS Configuration • IIS 6.0 stores configuration settings in the IIS metabase • Methods to back up metabase: • Via backup utility in IIS Manager console • Copy contents of backup directory to another folder • Export database contents to text file via Metabase Editor tool • Use Iisback.vbs script • Back up System State data via Windows Server 2003 Backup utility or third-party utility Guide to MCSE 70-270, 70-290

  46. Backing Up the IIS Configuration (continued) • Activity 14-16: Backing Up the IIS Configuration • Objective: Back up and restore the configuration of an IIS server • History feature tracks changes to MetaBase.xml and MBSchema.xml files Guide to MCSE 70-270, 70-290

  47. Updating IIS 6.0 • Two most common updates you apply to IIS server are service packs and hot fixes • Hot fixes: Small software fixes designed to solve a known security problem • Service packs: Accumulation of software patches and hot fixes for bugs • More crucial than hot fixes • Microsoft Baseline Security Analyzer may be used to check if updates are available Guide to MCSE 70-270, 70-290

  48. Using IIS to Access Network Resources: Creating and Modifying Web Folders • Web folder: Designed to be accessed from the Internet or an intranet by using HTTP or FTP Figure 14-31: The Web Sharing tab for a folder Guide to MCSE 70-270, 70-290

  49. Using IIS to Access Network Resources: Creating and Modifying Web Folders (continued) Table 14-7: Web folder access permissions Table 14-8: Application permissions Guide to MCSE 70-270, 70-290

  50. Using IIS to Access Network Resources: Creating and Modifying Web Folders (continued) • Methods to open Web-based file share: • Internet Explorer • My Network Places • Microsoft Office XP • Activity 14-17: Configuring Web Folders and Exploring Access Methods • Objective: Configure and access a Web shared folder Guide to MCSE 70-270, 70-290

More Related