IT:Network:Apps

Microsoft Web Server◦ Used by ~ 50% of Fortune 500 companies

Comes with Server OS Expandable Easy to use

Windows Components > Application Server◦ ASP.NET (optional but lots of 3rd party solns use

it)◦ IIS >

Common Files IIS Manager World Wide Web Service

Other stuff can be installed (SMTP server, FTP server)

www.abccompany.local DNS name Update the abccompany.local zone

◦ www Address 172.17.6.10◦ www Alias mssrv01.abccompany.local

IIS Manager > server > Web Sites > Default Web Site

Pretty much basic, functional web site◦ Listens on Port 80◦ C:\InetPub\wwwroot\◦ Need to create the index.htm (and related) file(s)

Properties of Site◦ WebSite

IP address (All or specific) Port(s) (NOTE: SSL is more than just listing port) Logging/timeout

◦ HomeDirectory Where find files Could be redirection Permissions (like share perms)

◦ Documents What files to look for

index.html ???

IP address/Domain Restrictions◦ Who will we talk to? Who will we ignore◦ Allow all – Exceptions .OR. Deny all – Exceptions

Authentication◦ What users can see this site ◦ How authenticate them◦ More in a bit

Secure Communications◦ SSL◦ More later

www.abccompany.local acct.abccompany.local mktg.abccompany.local

How many servers do we need?

New hardware for each “site” New IP address for each “site”

One box ◦ Big Disk/RAM◦ Multiple IP addresses???

Web sites “Virtualized” inside physical server

Server must pick correct Virtual Server to access.

Multiple IP addresses on Physical Server◦ DNS for each Virtual Server points to different IP

addr acct.fencon.local 192.168.9.10 mktg.fencon.local 192.168.9.11

◦ Configure Web site to pay attention to unique IP 192.168.9.10 acct site 192.168.9.11 mktg site

Need IP address for each virtual host!

Single IP address on Physical Server◦ All Virtual hosts use the same IP address◦ Host header assigned to Virtual Server

When request comes in to physical server, it looks at the URL that was used

(acct.abccompany.local vs mktg. abccompany.local)

Picks the correct virtual server based on the host headers

Only need one IP address! Arguably the most common method

For internal webs, we may only want access from INTERNAL addresses◦ “You can see this, but only when you are at work”

site Properties > Directory Security > IP Address and Domain Restrictions

Set default behavior (Grant/Deny) Set exceptions

◦ DENY All except 172.17.0.0/16

By default anonymous access is allowed Users group has

◦ Read/Execute◦ List Folder Contents◦ Read Permissions etc

Take away permissions and take away anonymous access user must authenticate

Site Props > Directory Security >Authentication & access control

Disable Anonymous Pick Methods

◦ Integrated Windows auth IE only (now firefox as well)

◦ Basic auth password sent clear text!!

◦ Digest (only for domain users)◦ .NET

Created multiple web sites inside a single web server

Restricted access by IP (where are you?) Restricted access by user (who are you?)

Still need…Still need…◦ Encryption (SSL)◦ Nicer Content – Portals, etc