IT:Network:Apps. Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies Comes with Server...

16
IT:Network:Apps

Transcript of IT:Network:Apps. Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies Comes with Server...

Page 1: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

IT:Network:Apps

Page 2: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

Microsoft Web Server◦ Used by ~ 50% of Fortune 500 companies

Comes with Server OS Expandable Easy to use

Page 3: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

Windows Components > Application Server◦ ASP.NET (optional but lots of 3rd party solns use

it)◦ IIS >

Common Files IIS Manager World Wide Web Service

Other stuff can be installed (SMTP server, FTP server)

Page 4: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

www.abccompany.local DNS name Update the abccompany.local zone

◦ www Address 172.17.6.10◦ www Alias mssrv01.abccompany.local

Page 5: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

IIS Manager > server > Web Sites > Default Web Site

Pretty much basic, functional web site◦ Listens on Port 80◦ C:\InetPub\wwwroot\◦ Need to create the index.htm (and related) file(s)

Page 6: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

Properties of Site◦ WebSite

IP address (All or specific) Port(s) (NOTE: SSL is more than just listing port) Logging/timeout

◦ HomeDirectory Where find files Could be redirection Permissions (like share perms)

◦ Documents What files to look for

index.html ???

Page 7: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

IP address/Domain Restrictions◦ Who will we talk to? Who will we ignore◦ Allow all – Exceptions .OR. Deny all – Exceptions

Authentication◦ What users can see this site ◦ How authenticate them◦ More in a bit

Secure Communications◦ SSL◦ More later

Page 8: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

www.abccompany.local acct.abccompany.local mktg.abccompany.local

How many servers do we need?

Page 9: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

New hardware for each “site” New IP address for each “site”

Page 10: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

One box ◦ Big Disk/RAM◦ Multiple IP addresses???

Web sites “Virtualized” inside physical server

Server must pick correct Virtual Server to access.

Page 11: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

Multiple IP addresses on Physical Server◦ DNS for each Virtual Server points to different IP

addr acct.fencon.local 192.168.9.10 mktg.fencon.local 192.168.9.11

◦ Configure Web site to pay attention to unique IP 192.168.9.10 acct site 192.168.9.11 mktg site

Need IP address for each virtual host!

Page 12: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

Single IP address on Physical Server◦ All Virtual hosts use the same IP address◦ Host header assigned to Virtual Server

When request comes in to physical server, it looks at the URL that was used

(acct.abccompany.local vs mktg. abccompany.local)

Picks the correct virtual server based on the host headers

Only need one IP address! Arguably the most common method

Page 13: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

For internal webs, we may only want access from INTERNAL addresses◦ “You can see this, but only when you are at work”

site Properties > Directory Security > IP Address and Domain Restrictions

Set default behavior (Grant/Deny) Set exceptions

◦ DENY All except 172.17.0.0/16

Page 14: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

By default anonymous access is allowed Users group has

◦ Read/Execute◦ List Folder Contents◦ Read Permissions etc

Take away permissions and take away anonymous access user must authenticate

Page 15: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

Site Props > Directory Security >Authentication & access control

Disable Anonymous Pick Methods

◦ Integrated Windows auth IE only (now firefox as well)

◦ Basic auth password sent clear text!!

◦ Digest (only for domain users)◦ .NET

Page 16: IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

Created multiple web sites inside a single web server

Restricted access by IP (where are you?) Restricted access by user (who are you?)

Still need…Still need…◦ Encryption (SSL)◦ Nicer Content – Portals, etc