MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643) Chapter Six Configuring Windows Server 2008 Web Services, Part 1
Objectives Create and configure Web applications utilizing application pools on IIS 7 Manage IIS Web sites including publishing, configuring virtual directories, and migrating sites and Web applications Create and configure FTP 6 sites Create and configure FTP 7 sites Create and configure SMTP virtual servers 2
Configuring Web Applications Internet Information Services (IIS) Server role available in all versions of Server 2008 Modular architecture Install only desired components Web application Not the same thing as a Web site Application runs within the context of a site Site can have different areas with no user interaction with a Web application Single site can have multiple Web applications 3
Directory-Dependent Applications Accessed by directly referring to the directory where it resides Example: http://www.yourcompany.com/login Application residing in the login directory presents user with a form to enter their login information The login directory might be the only area within the Web site that runs the login application 4
URL-Specified Applications URL-specified configuration Determines appropriate application to execute by looking at parameters passed in the URL Example: http://www.yourcompany.com?uid=0 Application looks at the uid (User ID) Sees that it is zero and directs user to login page If uid was not zero, user may have been redirected to home or welcome page 5
.ASP (Classic ASP) vs..aspx (ASP.NET) Active Server Pages One of the most common types of Web applications Two types: Classic ASP and ASP.NET Classic ASP files Have an extension of.asp ASP.NET files Have an extension of.aspx Have additional functionality 6
Classic ASP vs. ASP.NET (cont d.) Role services available within the Application Server role.net Framework 3.5.1 Web Server (IIS) support Com+ network access TCP port sharing Windows Process Activation Service Support (WAS) Distributed transactions 7
Activity 6-1: Create a Web Application Create the following directory on the server s C drive: C:\websites\example Click Start, point to Administrative Tools, click Internet Information Services Manager Expand the server node in the Connections pane Expand Sites Select Default Web Site in the Connections pane Right-click the Default Web Site and click Add Application 8
Activity 6-1: Create a Web Application (cont d.) Type example in the Alias text box Application would be accessed by users via http://yourdomain.com/example Type c:\websites\example in the Physical path text box Click Connect as to open the Connect As dialog box Click on the option button next to Application user (pass-through authentication) Click OK 9
Figure 6-1 Add Application dialog box Cengage Learning 2012 10
Figure 6-2 Connect As dialog box Cengage Learning 2012 11
Activity 6-1: Create a Web Application (cont d.) Click the Test settings button in the Add Application dialog box to open the Test Connection dialog box Authentication test should have a green check box next to it Authorization will probably have a yellow triangle with an exclamation mark Click Close, click OK to close the Add Application dialog box 12
Figure 6-3 Test Connection dialog box Cengage Learning 2012 13
Application Pools Isolate Web sites from Web applications Each Application Pool contains its own worker processes Prevents problems with one site or application from creating problems for other sites Recycling Allows you to restart an Application Pool gracefully Done if defects cause an application to use large amounts of resources Settings can be either Fixed Interval or Memory Based Maximums 14
Activity 6-2: Create an Application Open IIS Manager Pool Right-click the Application Pools node in the Connections Pane and choose Add Application Pool Type Example2 in the Name text box Select.NET Framework v2.0.50727 in the.net Framework version drop-down list (or choose the highest version available) Select Integrated in the Managed pipeline mode: drop-down list 15
Activity 6-2: Create an Application Pool (cont d.) Click the check box next to Start application pool immediately if it is not already checked Click OK Select the Example2 application pool on the Application Pool screen Click Recycling under Edit Application Pool in the Actions pane Check the boxes next to Regular time intervals and Fixed number of requests Type 1740 and 15000 in corresponding text boxes 16
Figure 6-4 Application Pools Cengage Learning 2012 17
Figure 6-5 Edit Application Pool Recycling Settings Cengage Learning 2012 18
Activity 6-2: Create an Application Pool (cont d.) Click the check box next to Virtual memory usage Enter 40000 in the corresponding text box Click Next Ensure Regular time intervals and Virtual memory usage check boxes are selected Click Finish 19
Figure 6-6 Edit Application Pool Recycling event logging Cengage Learning 2012 20
Managing Web Sites Properly configured and managed Web site infrastructure Essential component of an effective Web site Publishing IIS Web Sites Creating appropriate folders on the server Moving content into folders Actual publishing done through IIS Manager 21
Publishing IIS Web Sites General steps to publish a Web site Open IIS Manager Right-click Sites node in Connections pane Choose Add Web Site Enter the site name, physical path, and binding information Click OK Bindings refer to the IP address and port a Web site communicates over Binding information must be unique on the server 22
Figure 6-7 Add Web Site dialog box Cengage Learning 2012 23
Configuring Virtual Directories Virtual directories Allow a Web site or Web application to access content outside of default file structure Steps to create a virtual directory Open IIS manager Right-click site or application to add to the virtual directory Choose Add Virtual Directory Type name beneath Alias and type or select the file path in the text box beneath Physical path 24
Figure 6-8 Add Virtual Directory dialog box Cengage Learning 2012 25
Migrating Sites and Web Applications Migrating a Web site Copying folders from old server to new Recreating any additional sites, Web applications, and virtual directories Any changes from default server settings will need to be moved Adjust server-level configuration settings as needed 26
Configuring an FTP Server File Transfer Protocol (FTP) Simple protocol designed specifically to transfer files Allows authorized users to upload or download content from remote server User does not have access to command line of system they are connecting to Permissions can be limited to a small set of directories where files can be copied to or from FTP 6 Role Service for the FTP Server under IIS 7 Included in Server 2008 27
Configuring an FTP Server (cont d.) FTP 7.5 Enhanced version included in Server 2008 R2 Improved security and administration features Limitations in FTP 6 Must create a local Windows user or Domain user to allow people to log into specific FTP accounts For multiple FTP sites on a single server, each must have unique combination of IP address and port number FTP User Isolation used to configure which directories a user can access 28
Activity 6-3: Add FTP 6 Role Service Open Server Manager (Server 2008 only) Right-click Web Server (IIS) Role and choose Add Role Services Check the boxes for FTP Server, FTP Service, and FTP Management Console Click Next to add the Role Service 29
Activity 6-4: Create a New FTP 6 Site Open IIS 6.0 Manager Click Default FTP Site, and click small square icon on bar underneath menu options to stop the default FTP site Right-click the FTP Sites node, choose New, then FTP Site Click Next In the text box underneath Description, type test Click Next 30
Figure 6-9 Stopping the default FTP site Cengage Learning 2012 31
Activity 6-4: Create a New FTP 6 Site Select All Unassigned from the Enter the IP address to use for this FTP site: drop down Type 21 in the text box to assign the port number Click the option button next to Do not isolate users Click Next Type C:\inetpub\ftproot\test, and click Next Click the check box next to Read, and click Next Click Finish 32
Configuring Your FTP Site Using IIS Manager From IIS Manager, can start or stop an FTP site Or adjust the site configuration To adjust site configuration: Right-click the site in the left panel and choose Properties FTP Site tab in the Properties dialog box FTP site authentication section FTP site connection section Logging section 33
Figure 6-10 FTP site Properties dialog box Cengage Learning 2012 34
Configuring Your FTP Site Using IIS Security Accounts tab Manager (cont d.) Choose whether to allow anonymous connections Messages tab Specify messages that will be sent to client during their session Examples: Welcome message, Exit message Home Directory tab Adjust the home directory location Directory Security tab Grant or deny access to different computers based on IP address 35
FTP 7 Latest FTP Server for Windows Server 2008 Included in Server 2008 R2 Also available as a download Install FTP 7 in same manner as FTP 6 IF FTP 6 is installed, must uninstall it first Steps to uninstall FTP 6 Open the Server Manager Right-click Web Server, choose remove Role Services Uncheck the FTP Publishing Service option 36
Activity 6-5: Add FTP 7 Role Service Open Server Manager Right-click Web Server (IIS) Role, choose Add Role Services Check the boxes for FTP Server, FTP Service, and FTP Extensibility Click Next to add the role service 37
Figure 6-11 Add Role Services Cengage Learning 2012 38
Table 6-1 Major feature differences between FTP 6 and FTP 7 39
Activity 6-6: Create a New FTP 7 Site Create a folder named test2 in the C:\inetpub\ftproot folder Open IIS Manager, right-click the server node, and then click Add FTP Site Right-click the FTP Sites node, choose New, then FTP Site Click Next In the text box underneath Description: type test 40
Activity 6-6: Create a New FTP 7 Site (cont d.) Type test2 in the FTP site name text box In the Physical path text box, type C:\inetpub\ftproot\test2 and then click Next Ensure that (All Unassigned) is displayed in the IP Address: drop-down field Type 21 in the Port text box Click the Enable Virtual Host Names check box to select it Type ftp.mydomain.com in the Virtual Host text box 41
Activity 6-6: Create a New FTP 7 Site (cont d.) Check the box next to Start FTP site automatically Click the Allow SSL option button Select Not Selected in the drop-ssl Certificate drop-down list, and click Next Click the Anonymous check box Ensure Basic check box is not checked Select Anonymous users in the Allow access to drop-down list Click Read and ensure Write is not checked Click Finish 42
Managing FTP 7 Virtual Directories Folder creation options Create folders under the physical root Create virtual directories outside the main folder structure that appear to users as subfolders Creating a virtual directory Right-click the site node in the Connections pane Choose Add Virtual directory Enter an alias for the folder and its physical path Click OK 43
FTP 7 Advanced Settings Figure 6-12 FTP Advanced Settings Cengage Learning 2012 44
Adding FTP Publishing to a Web Site New feature in FTP 7.5.5 Ability to add FTP publishing to an existing Web site FTP service can be managed and restarted independently of the Web site Remote administrator can upload content to the Web site without creating an independent FTP site or configuring virtual directories Steps to add FTP publishing to a Web site Right-click an existing web site and choose Add FTP Publishing 45
Adding FTP Publishing to a Web Site (cont d.) Steps to add FTP publishing to a Web site (cont d.) Assign an IP address and port Enable Virtual Host Names and enter a name Make basic SSL choices Click Next Choose Authentication types and authorization settings Click Finish 46
Authentication Options Authentication settings can be adjusted beyond options given in the wizard Choose site and double-click FTP Authentication Anonymous authentication Allows all users to access the FTP site Basic authentication Allows restricting access to local or domain users IIS Manager authorization ASP.NET authorization 47
Authorization Rules Specify users read and write permissions Choose a site in the Connections pane Double-click FTP Authorization Rules in Features View Edit an existing rule or add a new Allow or Deny rule Click appropriate link in the Actions pane 48
FTP User Isolation Allows you to provide individual directories to the users and prevent other users from accessing content Options for not isolating users FTP root directory User name directory Options for isolating users User name directory User name physical directory FTP home directory configured in Active Directory 49
FTP SSL Settings FTP can be a security risk SSL encryption can be used to increase security New features in FTP 7.5 Ability to use FTPS Encrypting login to the server File transfer using the SSL protocol and a certificate To configure SSL: Choose SSL-enabled site from the Connections pane and double-click FTP SSL Settings icon Choose certificate and SSL policy settings 50
FTP Firewall Support For FTP to function through a firewall: Various ports need to be opened Active FTP connections Can work through the firewall for non SSL connections May not work for FTPS when using NAT Passive data connections Will work through FTPS through a NAT device Must specify port range and control channel 51
FTP IPv4 Address and Domain Restrictions Setting address or domain restrictions Choose site in Connections pane and double-click FTP IPv4 Address and Domain Restrictions Choose Add Allow Entry or Add Deny Entry, and type in IP addresses to restrict or allow Enabling domain name restrictions Choose Edit Feature Settings, select check box next to Enable domain name restrictions, and click OK, and Yes Click either Add Allow Entry or Add Deny Entry Domain entry will now be an option 52
FTP Current Sessions Viewing status of currently running sessions Click site node in the Connections pane Double-click FTP Current Sessions from Features View FTP Messages Banner message Welcome message Exit message Maximum Connections message 53
Figure 6-13 FTP Messages screen Cengage Learning 2012 54
FTP Logging Logging usage of FTP Important part of managing an FTP server To configure logging: Click server node in Connections pane Double-click FTP Logging Drop-down gives choice of one log file per site or server Log File section Allows customizing which fields will be logged Select location of log file and encoding 55
Figure 6-14 Information To Log dialog Cengage Learning 2012 56
FTP Directory Browsing Feature available at both server and site level Hierarchical Directory Listing style MS-DOS or UNIX style Directory Listing options Virtual directories Available bytes Four-digit years 57
Configuring an SMTP Server Simple Mail Transport Protocol (SMTP) Used to send e-mail Defines format and information included with text of message Windows Server 2008 contains SMTP feature that allows you to send e-mail from Web applications Can secure using various combinations of authentication Can specify address restrictions to prevent unauthorized use 58
Activity 6-7: Install SMTP Server Open Server Manager, right click the Features node, choose Add Features Check the box next to SMTP Server Click button that says Add Required Role Services Click Next Click Next Click Next to continue to confirmation dialog Click Install, and then Close once Installation Results screen appears 59
Figure 6-15 Select Role Services dialog Cengage Learning 2012 60
Figure 6-16 Confirm Installation Selections Cengage Learning 2012 61
Configure SMTP Server When SMTP Server is installed: Default virtual server is created Can configure it for your purposes Or create specialized SMTP virtual servers 62
Activity 6-8: Create an SMTP Virtual Server Open IIS 6.0 Manager from the Administrative Tools program group In left navigation pane, right-click the server node, point to New, and click SMTP Virtual Server Type WebResponse in the Name text box, click Next Select [All Unassigned] in the drop-down list, click Next Click Yes to proceed past the warning message 63
Figure 6-17 SMTP Configuration warning screen Cengage Learning 2012 64
Activity 6-8: Create an SMTP Virtual Server (cont d.) Type C:\INETPUB\Mailroot in the Home directory text box, click Next Type test.yourdomain.com in the Domain text box Click Finish 65
Activity 6-8: Create an SMTP Virtual Note: Server (cont d.) Manage SMTP virtual Server through IIS 6.0 Manager To access configuration options, right-click SMTP Virtual Server, click Properties Properties tabs: General, Access, Messages, Delivery, LDAP Routing, Security 66
Figure 6-18 General tab Cengage Learning 2012 67
Figure 6-19 Access tab Cengage Learning 2012 68
Figure 6-20 Connection dialog box Cengage Learning 2012 69
Figure 6-21 Relay restrictions screen Cengage Learning 2012 70
Figure 6-22 Delivery tab Cengage Learning 2012 71
Figure 6-23 Outbound security screen Cengage Learning 2012 72
Figure 6-24 Outbound Connections screen Cengage Learning 2012 73
Monitoring Performance Three main ways to monitor performance of SMTP Virtual Server Open IIS 6.0 Manager and choose Current Sessions object Open Windows Performance Monitor and select SMTP Server Periodically review messages in server root directory folders Examples: Badmail, Drop, Pickup, Queue 74
Configuring SMTP for ASP.NET To access settings that ASP.NET applications use for sending-mail Choose server node in Connections panel Double-click SMTP E-mail icon in Features view Settings do not change the configuration of the SMTP server They specify the connection settings the Web applications will use 75
Figure 6-25 SMTP for ASP.NET Cengage Learning 2012 76
Summary Web applications can be accessed based on the directories they are placed in or through the URL Application Pools separate the worker processes of Web applications so they do not affect each other Virtual directories allow a Web site or Web application to access content outside the default file structure FTP provides a simple method for copying content to Web sites without direct access to the server 77
Summary (cont d.) FTP6 requires all authenticated users (except Anonymous) to be either Windows or domain users on the server FTP 7 can use the IIS Manager list to authenticate a user SMTP virtual servers allow Web applications to send e-mail Various settings are available in the Messages and Delivery tabs ASP.NET applications can access e-mail settings 78