MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # )

(1)

MCTS Guide to Microsoft

Windows Server 2008

Applications Infrastructure

Configuration (Exam # 70-643)

Chapter Six

Configuring Windows Server 2008 Web

Services, Part 1

(2)

Objectives

• Create and configure Web applications utilizing

application pools on IIS 7

• Manage IIS Web sites including publishing,

configuring virtual directories, and migrating sites

and Web applications

• Create and configure FTP 6 sites

• Create and configure FTP 7 sites

• Create and configure SMTP virtual servers

(3)

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)

Configuring Web Applications

• Internet Information Services (IIS)

– Server role available in all versions of Server 2008

– Modular architecture

• Install only desired components

• Web application

– Not the same thing as a Web site

– Application runs within the context of a site

– Site can have different areas with no user interaction

with a Web application

– Single site can have multiple Web applications

3

(4)

Directory-Dependent Applications

• Accessed by directly referring to the directory

where it resides

• Example: http://www.yourcompany.com/login

– Application residing in the login directory presents

user with a form to enter their login information

– The login directory might be the only area within the

Web site that runs the login application

(5)

URL-Specified Applications

• URL-specified configuration

– Determines appropriate application to execute by

looking at parameters passed in the URL

• Example: http://www.yourcompany.com?uid=0

– Application looks at the uid (User ID)

• Sees that it is zero and directs user to login page

• If uid was not zero, user may have been redirected to

home or welcome page

5

(6)

.ASP (Classic ASP) vs. .ASPX

(ASP.NET)

• Active Server Pages

– One of the most common types of Web applications

– Two types: Classic ASP and ASP.NET

• Classic ASP files

– Have an extension of .ASP

• ASP.NET files

– Have an extension of .ASPX

– Have additional functionality

(7)

Classic ASP vs. ASP.NET (cont’d.)

• Role services available within the Application

Server role

– .NET Framework 3.5.1

– Web Server (IIS) support

– Com+ network access

– TCP port sharing

– Windows Process Activation Service Support (WAS)

– Distributed transactions

7

(8)

Activity 6-1: Create a Web Application

• Create the following directory on the server’s C

drive: C:\websites\example

• Click Start, point to Administrative Tools, click

Internet Information Services Manager

– Expand the server node in the Connections pane

– Expand Sites

– Select Default Web Site in the Connections pane

• Right-click the Default Web Site and click Add

Application

(9)

Activity 6-1: Create a Web Application

(cont’d.)

• Type example in the Alias text box

– Application would be accessed by users via

http://yourdomain.com/example

• Type c:\websites\example in the Physical path text

box

• Click Connect as to open the Connect As dialog

box

• Click on the option button next to Application user

(pass-through authentication)

– Click OK

9

(10)

Figure 6-1 Add Application dialog box

©Cengage Learning 2012

(11)

11

Figure 6-2 Connect As dialog box

(12)

Activity 6-1: Create a Web Application

(cont’d.)

• Click the Test settings button in the Add Application

dialog box to open the Test Connection dialog box

– Authentication test should have a green check box

next to it

– Authorization will probably have a yellow triangle

with an exclamation mark

• Click Close, click OK to close the Add Application

dialog box

(13)

13

Figure 6-3 Test Connection dialog box

(14)

Application Pools

• Isolate Web sites from Web applications

• Each Application Pool contains its own worker

processes

– Prevents problems with one site or application from

creating problems for other sites

• Recycling

– Allows you to restart an Application Pool gracefully

– Done if defects cause an application to use large

amounts of resources

– Settings can be either Fixed Interval or Memory

Based Maximums

(15)

Activity 6-2: Create an Application

Pool

• Open IIS Manager

• Right-click the Application Pools node in the

Connections Pane and choose Add Application

Pool

• Type Example2 in the Name text box

• Select .NET Framework v2.0.50727 in the .NET

Framework version drop-down list (or choose the

highest version available)

• Select Integrated in the Managed pipeline mode:

drop-down list

15

(16)

Activity 6-2: Create an Application

Pool (cont’d.)

• Click the check box next to Start application pool

immediately if it is not already checked

– Click OK

• Select the Example2 application pool on the

Application Pool screen

• Click Recycling under Edit Application Pool in the

Actions pane

• Check the boxes next to Regular time intervals and

Fixed number of requests

– Type 1740 and 15000 in corresponding text boxes

(17)

17

Figure 6-4 Application Pools

(18)

Figure 6-5 Edit Application Pool Recycling Settings

(19)

Activity 6-2: Create an Application

Pool (cont’d.)

• Click the check box next to Virtual memory usage

– Enter 40000 in the corresponding text box

– Click Next

• Ensure Regular time intervals and Virtual memory

usage check boxes are selected

– Click Finish

19

(20)

Figure 6-6 Edit Application Pool Recycling event logging

(21)

Managing Web Sites

• Properly configured and managed Web site

infrastructure

– Essential component of an effective Web site

• Publishing IIS Web Sites

– Creating appropriate folders on the server

– Moving content into folders

– Actual publishing done through IIS Manager

21

(22)

Publishing IIS Web Sites

• General steps to publish a Web site

– Open IIS Manager

– Right-click Sites node in Connections pane

– Choose Add Web Site

– Enter the site name, physical path, and binding

information

– Click OK

• Bindings refer to the IP address and port a Web

site communicates over

– Binding information must be unique on the server

(23)

23

Figure 6-7 Add Web Site dialog box

(24)

Configuring Virtual Directories

• Virtual directories

– Allow a Web site or Web application to access

content outside of default file structure

• Steps to create a virtual directory

– Open IIS manager

– Right-click site or application to add to the virtual

– Choose Add Virtual Directory

– Type name beneath Alias and type or select the file

path in the text box beneath Physical path

(25)

25

Figure 6-8 Add Virtual Directory dialog box

(26)

Migrating Sites and Web Applications

• Migrating a Web site

– Copying folders from old server to new

– Recreating any additional sites, Web applications,

and virtual directories

– Any changes from default server settings will need to

be moved

– Adjust server-level configuration settings as needed

(27)

Configuring an FTP Server

• File Transfer Protocol (FTP)

– Simple protocol designed specifically to transfer files

– Allows authorized users to upload or download

content from remote server

– User does not have access to command line of

system they are connecting to

– Permissions can be limited to a small set of

directories where files can be copied to or from

• FTP 6

– Role Service for the FTP Server under IIS 7

– Included in Server 2008

27

(28)

Configuring an FTP Server (cont’d.)

• FTP 7.5

– Enhanced version included in Server 2008 R2

– Improved security and administration features

• Limitations in FTP 6

– Must create a local Windows user or Domain user to

allow people to log into specific FTP accounts

– For multiple FTP sites on a single server, each must

have unique combination of IP address and port

number

• FTP User Isolation used to configure which

directories a user can access

(29)

Activity 6-3: Add FTP 6 Role Service

(Server 2008 only)

• Open Server Manager

• Right-click Web Server (IIS) Role and choose Add

Role Services

• Check the boxes for FTP Server, FTP Service, and

FTP Management Console

• Click Next to add the Role Service

29

(30)

Activity 6-4: Create a New FTP 6 Site

• Open IIS 6.0 Manager

• Click Default FTP Site, and click small square icon

on bar underneath menu options to stop the default

FTP site

• Right-click the FTP Sites node, choose New, then

FTP Site

• Click Next

• In the text box underneath Description, type test

– Click Next

(31)

31

Figure 6-9 Stopping the default FTP site

(32)

Activity 6-4: Create a New FTP 6 Site

• Select All Unassigned from the Enter the IP

address to use for this FTP site: drop down

• Type 21 in the text box to assign the port number

• Click the option button next to Do not isolate users

– Click Next

• Type C:\inetpub\ftproot\test, and click Next

• Click the check box next to Read, and click Next

• Click Finish

(33)

Configuring Your FTP Site Using IIS

Manager

• From IIS Manager, can start or stop an FTP site

– Or adjust the site configuration

• To adjust site configuration:

– Right-click the site in the left panel and choose

Properties

• FTP Site tab in the Properties dialog box

– FTP site authentication section

– FTP site connection section

– Logging section

33

(34)

Figure 6-10 FTP site Properties dialog box

(35)

Configuring Your FTP Site Using IIS

Manager (cont’d.)

• Security Accounts tab

– Choose whether to allow anonymous connections

• Messages tab

– Specify messages that will be sent to client during

their session

– Examples: Welcome message, Exit message

• Home Directory tab

– Adjust the home directory location

• Directory Security tab

– Grant or deny access to different computers based

on IP address

35

(36)

FTP 7

• Latest FTP Server for Windows Server 2008

• Included in Server 2008 R2

– Also available as a download

• Install FTP 7 in same manner as FTP 6

– IF FTP 6 is installed, must uninstall it first

• Steps to uninstall FTP 6

– Open the Server Manager

– Right-click Web Server, choose remove Role

Services

– Uncheck the FTP Publishing Service option

(37)

Activity 6-5: Add FTP 7 Role Service

• Open Server Manager

• Right-click Web Server (IIS) Role, choose Add Role

Services

• Check the boxes for FTP Server, FTP Service, and

FTP Extensibility

• Click Next to add the role service

37

(38)

Figure 6-11 Add Role Services

(39)

39

Table 6-1 Major feature differences between FTP 6 and FTP 7

(40)

Activity 6-6: Create a New FTP 7 Site

• Create a folder named test2 in the

C:\inetpub\ftproot folder

• Open IIS Manager, right-click the server node, and

then click Add FTP Site

• Right-click the FTP Sites node, choose New, then

FTP Site

• Click Next

• In the text box underneath Description: type test

(41)

Activity 6-6: Create a New FTP 7 Site

(cont’d.)

• Type test2 in the FTP site name text box

• In the Physical path text box, type

C:\inetpub\ftproot\test2 and then click Next

• Ensure that (All Unassigned) is displayed in the IP

Address: drop-down field

• Type 21 in the Port text box

• Click the Enable Virtual Host Names check box to

select it

– Type ftp.mydomain.com in the Virtual Host text box

41

(42)

Activity 6-6: Create a New FTP 7 Site

(cont’d.)

• Check the box next to Start FTP site automatically

• Click the Allow SSL option button

• Select Not Selected in the drop-SSL Certificate

drop-down list, and click Next

• Click the Anonymous check box

• Ensure Basic check box is not checked

• Select Anonymous users in the Allow access to

drop-down list

• Click Read and ensure Write is not checked

• Click Finish

(43)

Managing FTP 7 Virtual Directories

• Folder creation options

– Create folders under the physical root

– Create virtual directories outside the main folder

structure that appear to users as subfolders

• Creating a virtual directory

– Right-click the site node in the Connections pane

– Choose Add Virtual directory

– Enter an alias for the folder and its physical path

– Click OK

43

(44)

FTP 7 Advanced Settings

Figure 6-12 FTP Advanced

Settings

(45)

Adding FTP Publishing to a Web Site

• New feature in FTP 7.5.5

– Ability to add FTP publishing to an existing Web site

• FTP service can be managed and restarted

independently of the Web site

– Remote administrator can upload content to the Web

site without creating an independent FTP site or

configuring virtual directories

• Steps to add FTP publishing to a Web site

– Right-click an existing web site and choose Add FTP

Publishing

45

(46)

Adding FTP Publishing to a Web Site

(cont’d.)

• Steps to add FTP publishing to a Web site (cont’d.)

– Assign an IP address and port

– Enable Virtual Host Names and enter a name

– Make basic SSL choices

– Click Next

– Choose Authentication types and authorization

settings

– Click Finish

(47)

Authentication Options

• Authentication settings can be adjusted beyond

options given in the wizard

– Choose site and double-click FTP Authentication

• Anonymous authentication

– Allows all users to access the FTP site

• Basic authentication

– Allows restricting access to local or domain users

• IIS Manager authorization

• ASP.NET authorization

47

(48)

Authorization Rules

• Specify users’ read and write permissions

• Choose a site in the Connections pane

• Double-click FTP Authorization Rules in Features

View

• Edit an existing rule or add a new Allow or Deny

rule

– Click appropriate link in the Actions pane

(49)

FTP User Isolation

• Allows you to provide individual directories to the

users and prevent other users from accessing

content

• Options for not isolating users

– FTP root directory

– User name directory

• Options for isolating users

– User name directory

– User name physical directory

– FTP home directory configured in Active Directory

49

(50)

FTP SSL Settings

• FTP can be a security risk

• SSL encryption can be used to increase security

• New features in FTP 7.5

– Ability to use FTPS

– Encrypting login to the server

– File transfer using the SSL protocol and a certificate

• To configure SSL:

– Choose SSL-enabled site from the Connections

pane and double-click FTP SSL Settings icon

– Choose certificate and SSL policy settings

(51)

FTP Firewall Support

• For FTP to function through a firewall:

– Various ports need to be opened

• Active FTP connections

– Can work through the firewall for non SSL

connections

– May not work for FTPS when using NAT

• Passive data connections

– Will work through FTPS through a NAT device

– Must specify port range and control channel

51

(52)

FTP IPv4 Address and Domain

Restrictions

• Setting address or domain restrictions

– Choose site in Connections pane and double-click

FTP IPv4 Address and Domain Restrictions

– Choose Add Allow Entry or Add Deny Entry, and

type in IP addresses to restrict or allow

• Enabling domain name restrictions

– Choose Edit Feature Settings, select check box next

to Enable domain name restrictions, and click OK,

and Yes

– Click either Add Allow Entry or Add Deny Entry

• Domain entry will now be an option

(53)

FTP Current Sessions

• Viewing status of currently running sessions

– Click site node in the Connections pane

– Double-click FTP Current Sessions from Features

View

• FTP Messages

– Banner message

– Welcome message

– Exit message

– Maximum Connections message

53

(54)

Figure 6-13 FTP Messages screen

(55)

FTP Logging

• Logging usage of FTP

– Important part of managing an FTP server

• To configure logging:

– Click server node in Connections pane

– Double-click FTP Logging

– Drop-down gives choice of one log file per site or

server

• Log File section

– Allows customizing which fields will be logged

– Select location of log file and encoding

55

(56)

Figure 6-14 Information To Log dialog

(57)

FTP Directory Browsing

• Feature available at both server and site level

• Hierarchical

• Directory Listing style

– MS-DOS or UNIX style

• Directory Listing options

– Virtual directories

– Available bytes

– Four-digit years

57

(58)

Configuring an SMTP Server

• Simple Mail Transport Protocol (SMTP)

– Used to send e-mail

– Defines format and information included with text of

message

• Windows Server 2008 contains SMTP feature that

allows you to send e-mail from Web applications

– Can secure using various combinations of

authentication

– Can specify address restrictions to prevent

unauthorized use

(59)

Activity 6-7: Install SMTP Server

• Open Server Manager, right click the Features

node, choose Add Features

• Check the box next to SMTP Server

– Click button that says Add Required Role Services

– Click Next

– Click Next to continue to confirmation dialog

• Click Install, and then Close once Installation

Results screen appears

59

(60)

Figure 6-15 Select Role Services dialog

(61)

61

Figure 6-16 Confirm Installation Selections

(62)

Configure SMTP Server

• When SMTP Server is installed:

– Default virtual server is created

• Can configure it for your purposes

– Or create specialized SMTP virtual servers

(63)

Activity 6-8: Create an SMTP Virtual

Server

• Open IIS 6.0 Manager from the Administrative

Tools program group

• In left navigation pane, right-click the server node,

point to New, and click SMTP Virtual Server

• Type WebResponse in the Name text box, click

• Select [All Unassigned] in the drop-down list, click

• Click Yes to proceed past the warning message

63

(64)

Figure 6-17 SMTP Configuration warning screen

(65)

Activity 6-8: Create an SMTP Virtual

Server (cont’d.)

• Type C:\INETPUB\Mailroot in the Home directory

text box, click Next

• Type test.yourdomain.com in the Domain text box

• Click Finish

65

(66)

Activity 6-8: Create an SMTP Virtual

Server (cont’d.)

• Note:

– Manage SMTP virtual Server through IIS 6.0

Manager

• To access configuration options, right-click SMTP

Virtual Server, click Properties

– Properties tabs: General, Access, Messages,

Delivery, LDAP Routing, Security

(67)

67

Figure 6-18 General tab

(68)

Figure 6-19 Access tab

(69)

69

Figure 6-20 Connection dialog box

(70)

Figure 6-21 Relay restrictions screen

(71)

71

Figure 6-22 Delivery tab

(72)

Figure 6-23 Outbound

security screen

(73)

73

Figure 6-24 Outbound Connections screen

(74)

Monitoring Performance

• Three main ways to monitor performance of SMTP

Virtual Server

– Open IIS 6.0 Manager and choose Current Sessions

object

– Open Windows Performance Monitor and select

SMTP Server

– Periodically review messages in server root directory

folders

• Examples: Badmail, Drop, Pickup, Queue

(75)

Configuring SMTP for ASP.NET

• To access settings that ASP.NET applications use

for sending-mail

– Choose server node in Connections panel

– Double-click SMTP E-mail icon in Features view

• Settings do not change the configuration of the

SMTP server

– They specify the connection settings the Web

applications will use

75

(76)

Figure 6-25 SMTP for ASP.NET

(77)

Summary

• Web applications can be accessed based on the

directories they are placed in or through the URL

• Application Pools separate the worker processes of

Web applications so they do not affect each other

• Virtual directories allow a Web site or Web

application to access content outside the default

file structure

• FTP provides a simple method for copying content

to Web sites without direct access to the server

77

(78)

Summary (cont’d.)

• FTP6 requires all authenticated users (except

Anonymous) to be either Windows or domain users

on the server

• FTP 7 can use the IIS Manager list to authenticate

a user

• SMTP virtual servers allow Web applications to

send e-mail

– Various settings are available in the Messages and

Delivery tabs

• ASP.NET applications can access e-mail settings