Office Automation

1
Office Automation Intranets

• BUSS 909

Lecture 8 Internet, Intranets and Extranets
Implementation and Management
2
Notices (1)

• Students must organise themselves into Teams in
  readiness for Assignment 3
• Each team must have 5 students, and must nominate
  a Team Leader (if necessary a 6th student may be
  allocated to a group)
• Teams should, if possible, belong to the same
  Tutorial Class
• Team membership must be emailed to me prior to
  Monday 7th September 1230 (Week 9)

3
Agenda

• Web Servers
• Installation
• Performance
• Maintenance
• Security- Firewalls
• Testing
• Client-side Testing
• Server-side Testing
• Maintenance and Integration
• Web Site Maintenance
• Web Applications

4
Web Server Installation
5
Web Server Installation

• set up of Web Servers may be non-trivial the
  steps are likely to include
• installing a pre-compiled server- for example,
  HTTP Deamon Server (httpd) from NCSA
• compilation of a server- to produce the required
  binaries
• site specific configuration- for httpd you are
  required to adjust the contents of three files

6
Web Server Installation

• Installation of the Server- move the httpd server
  and its files and directories to the required
  locations before starting the Web Server
• Starting the Server- often can run servers in a
  prototyping mode for testing (inetd) or in a
  standalone mode for production

7
Web Server Installation

• Mapping URLs to Documents- when a URL does not
  include a directory path or a filename, the web
  server
• either returns the contents of a file called
  index.html
• or, the file does not exist and the web server
  automatically generates a directory index
  (similar to ls-1)
• Testing the Web Server- exercise the server via a
  browser, should as a minimum provide an index.html

8
Web Server Installation

• Setting Up Home Pages- most often the entry point
  to a web server is a home page- home.html. Can
  have one or many depending on the number of sites
  being hosted
• Delegating Document Tree Management-
• discussion has assumed that a single user is
  using the web server
• in reality content maintenance is the
  responsibility of an authoring community- rights
  to subdirectories etc

9
Web Server Installation

• Conventions for Public Access-
• server names should start with www
• use a CNAME alias record that maps the web server
  name to an actual system name
• establish a so called webmaster alias- an email
  alias that people can use to send comments, tips
  on broken pointers etc.
• use signatures on the bottom of HTML pages
  mounted on the web server- often implemented as
  Server Side Includes (SSIs)

10
Web Server Installation

• Announcing the Web Server
• there are no formal procedures for this
• but there are well-established norms
• send announcement message to the mailing list at
  www-announce_at_www0.cern.ch
• post announcement message to www-request_at_info.cer
  n.ch - a CERN moderated list of servers
• send an announcement message to
  whatz-new_at_nsca.uiuc.edu - an NCSA moderated list

11
Web Server InstallationApache Web Server
Successful Installation!
12
Web Server PerformanceSource Yeager McGrath
(1996)
13
Web Server PerformanceDocument Distribution and
Caching

• each web server serves only one document tree
  (see L909-06.PPT)
• web servers expose a seamless view of
  information provided by the server, just as a web
  browser provides a seamless view of information
  on the web
• the information provided by the server may
  actually be stored and organised in many
  different ways

14
Web Server PerformanceDocument Distribution and
Caching

• the web server acts as a translator between a
  simple logical view of a document tree and the
  physical view of files stored on the server
• users do not want to know the complex details of
  physical storage but information providers must
  understand this
• web servers can be configured to provide
  documents from a conceptually simpler logical
  document tree rather than the complex physical
  reality

15
Physical View of the Document Tree
Logical View of the Document Tree
root
root
web
bin
usr
groups
temp
gargoyle
metallica
interactive
sculpture
graphics
music
gryphon
gargoyle- project
metallica-project
interactive- project
Rules ALIAS is the name of the function within
the Apache Server that provides mapping.
Source Yeager McGrath 1996, 180
16
Web Server PerformanceDocument Distribution and
Caching

• the information service provider may want the
  physical organisation as it is
• large servers may have thousands of documents to
  serve- more convenient to break documents into
  groups to store each separately
• no single logical view will service all the needs
  of different users

17
Web Server PerformanceDocument Distribution and
Caching

• for high throughput systems it may be necessary
  to reduce the load on the server- two ways to do
  this
• allocate part of the document tree to another
  server

18
Web Server Maintenance
19
Web Server Maintenance

• Depending on the type and state of the web
  server, it may be necessary to enhance its
  capabilities by
• providing additional MIME types (Multimedia
  Extension) if necessary
• Enabling Server-side includes- similar to include
  files in programming languages- however, they can
  include not only files but variables
• Automatic Directory Indexing- insurance against
  users pointing to a directory URL rather than a
  file URL when no index.html exists

20
Web Server Maintenance

• Updating HTML Documents- dont need to reboot the
  server, just lay the new documents over the
  existing ones
• Managing/Analysing Log Files- on a daily/weekly
  basis the systems administrator should move or
  archive the log files to prevent them from
  growing to big- the process should be automated
  as part of standard backup procedures

21
Web Server Maintenance

• Moving Directory Structures- on occasion parts of
  the document tree need to be moved in order to
  cope with disk space constraints or changing
  system environment
• Mirroring Documents and Servers- mirror
  (duplicate) part of another hosts directory tree
  in order to speed up your server (fetch slow
  graphics overnight), or in order to spread your
  servers load across another

22
Web Server SecurityReading 24 Lodin Scuba
(1998)
23
Web Server SecurityFirewalls (1)

• each company that connects to WWW provides new
  opportunities for crackers
• the general solution to secure internal networks
  is to construct a guarded gateway called a
  firewall

24
Web Server SecurityFirewalls (2)

• firewalls are the first defense against unwelcome
  visits to intranets and extranets
• firewalls comprise software and or hardware which
  collectively form a set of mechanisms that
  enforce secure communications traffic entering or
  leaving a network domain

25
Web Server SecurityFirewalls (3)

• firewalls have several different topologies (as
  we will show shortly)
• in general, firewalls are located between the
  internal network and the internet
• an estimated one third of all Internet connected
  machines are located behind firewalls (Liu et al
  1994, 497)

26
Web Server Security

• firewalls prevent unauthorised access between
  networks
• it implies that decisions have been made about
  what is allowed and disallowed across the
  firewall
• the decisions are based on the security policy
  for the site

27
Web Server Security

• firewalls work by examining the IP packets that
  travel between the server and the client
• this approach enables the control of information
  flow for each of the possible internet services
  by
• IP address
• by port
• in each direction

28
Firewalls- Security (based on Lodin Schuba
1998, 27)
Outside (untrusted) Network
LAN
Firewall
29
Firewalls- Security

• attempt to maintain privacy by protecting data
  that its entering or leaving a domain, by
  preventing
• passive wiretapping- data eavesdropping
• active wiretapping- data change
• traffic outside the firewall or internal to the
  domain is not affected

30
Firewalls- Security

• firewalls guard intranets and extranets from an
  outside and therefore untrusted network
• they may also guard against parts of the internal
  intranet from other parts

31
Firewalls- Security (based on Lodin Schuba
1998, 27)
LAN A and LAN B are parts of one organisations
intranet
a
b
LAN B
LAN A
c
d
d
e
Firewalls control communication to (a), from (b),
or through outside network, although they cannot
control messages within the LANs or external
connections through the outside network
32
Firewalls- Security

• can protect material within the domain- stored
  data, computational resources, and communication
  resources
• can be guarded against unauthorised access,
  browsing, leaking, modification, insertion, and
  deletion- can protect against denial of service
  type hacks

33
Firewalls- Security

• firewalls are generally applied to Transmission
  Control Protocol/Internet Protocol (TCP/IP)
  communications which are used in public Internet
  and private Intranets
• controversies abound on the need for firewalls-
  even if they are deficient, they are a focus for
  computer security policy

34
Firewalls- Security

• security mechanisms employed by firewalls
  correspond to layers in the Open Systems
  Interconnection (OSI) model
• OSI model views data communication in terms of
  movement through a series of layers (see
  L909-02.PPT)
• 1 Physical Layer 2 Data Link Layer 3 Network
  Layer 4 Transport Layer 5 Session Layer 6
  Presentation Layer 7 Application Layer

35
OSI Model
36
Firewalls- Security

• network address translation uses the network
  layer
• Layer 3 Network Layer causes the physical layer
  to transfer the frames from node to node
• all seven layers in the model may employ
  cryptographic mechanisms

37
Firewalls- Security

• packet filtering mechanism operates primarily on
  network and transport layers
• Layer 4 Transport Layer enables user and host
  nodes to communicate with each other
  synchronizes fast- and slow- speed equipment as
  well as overburdened and idle units

38
Firewalls- Security

• can impose overheads especially performance
  limitations (delays) on the throughput of the
  intranet
• this is becoming less of a concern due to speed
  improvements with hardware (higher processing
  speeds) and software optimisations

39
Firewalls- Security

• specific operations supported by firewalls
  include
• packet filtering- a router allows/denies the
  passage of data after checking its header and
  contents based on security rules
• network address translation (NAT)- hides internal
  addresses and network topology of the domain from
  outside users

40
Firewalls- Security

• circuit-level forwarding (low-level)- groups
  packets into connections. Inbound and outbound
  connections must connect to a proxy process
  before it can proceed. The proxy makes use of
  rules to determine whether the connection should
  be made.
• application-level forwarding (higher-level)-
  firewalls can interpret data in packets in
  accordance with protocols and security rules

41
Firewalls- Security

• crytographic mechanisms- enciphering or
  deciphering of messages using a secret code.
  There are many different types of crypographic
  meachanisms around.Internet Engineering Task
  Force for the IP security (IPsec) protocols

42
Web Applications
43
Web Applications

• a number of companies are implementing
  mission-critical web based applications
• these applications generally utilise databases
• attempt at developing closer alliances with
  customers, suppliers, partners, and employees

44
Web Applications

• sophisticated web applications must support
  complex Internet/intranet system configuration
• systems level hardware/software, and networking
  products must work together
• software elements JAVA applets, Microsoft Active
  X controls, CGI scripts, SQL code

45
Web ApplicationsSystem Configuration Logical
View
Client Workstations with Web Browsers
Production Web Server
Application Server
Firewall
Database Server
Mainframe Database
DevelopmentWeb Server
46
Web Applications

• In terms of complexity, complex web applications
  are therefore no different to traditional systems
  development projects
• web-based application components must be
  thoroughly tested to ensure that they are
  reliable, defect-free, and meets its original
  design purposes

47
Web ApplicationsClient-side Components
NetObjects Support
ü
ü
ü
48
Web ApplicationsServer-side Components
Firewall
û
Application Server
Mainframe Database

• Prevents unauthorised access to Intranet
• Implements security policy and stance for
  Web Applications

Database Server

• provides special purpose applications
  necessary to support a web application
• generally invoked by passing a request from a
  CGI script

• Central repository for
• all data in the organisation
• Database Server provides a view on the
  necessary subsets of this central repository
  data

• provides database access for a web
  application
• implemented using SQL commands
• must support the database needs of a large
  number of potential users

Web Server

• Production
• Serves HTML/XML web pages
• runs CGI scripts to provide added functions to
  web applications
• Development
• handles an internal representation of pages
  in a web application

û
ü
û
û
û
NetObjects Support
49
Client-side Testing
50
Client-side TestingBrowser Desktop

• Browser compatibility testing
• application operates correctly and consistently
  on different types of browsers (see Reading 22,
  Berghel 1996)
• Desktop configuration testing
• verifies that the client-side operates
  consistently on different client desktop machines
  with different configurations

51
Client-side TestingUsability Documentation

• Usability testing
• user-centric design of the user interface
• with multimedia elements, establish that the user
  activity matches the users business task flows
• Documentation testing
• verifies the accuracy, relevance,
  user-friendliness, and completeness of written
  user guides and online help

52
Client-side TestingSecurity

• Security testing
• verifies that the web application is immune from
  unauthorised access attempts
• necessitates the regular determination of the
  accuracy of the information on the web site
• determines that links have not been modified

53
Client-side TestingBrowser Desktop

• Error message testing
• proper handling of known error conditions by the
  web application
• Client load testing
• verifies the scalability of the web application
  client-side while under different volumes of data

54
Client-side TestingPortability Applet Scripting

• Cross-platform portability
• verifies that the web application functional
  behaviour is consistent across different client
  platforms (eg. Windows, Mac, UNIX)
• Applet/Script Testing
• verifies applet/script behaviour of JAVA applets,
  scripts, plug-ins, or Active X components when
  downloaded and executed client-side

55
Client-side TestingGUI Testing

• GUI Testing
• verifies the overall functionality of the Web
  Application with respect to its Graphical User
  Interface environment

56
Server-side Testing
57
Server-Side Testing

• Web-server Load testing
• Network Load Testing
• Application Server Testing
• Database Server Load Testing

58
Web Site MaintenanceLink Verification
59
Web Site MaintenanceLink Types

• web sites will have several link types
• using NetObjects naming conventions, web sites
  will have
• internal links that link pages in your site to
  other pages in your site, or
• external links that link pages in your site to
  other web sites

60
Web Site MaintenanceLink Types

• it is generally true that the same internal links
  get used repeatedly, for example links to home
  pages, and those used in navigation bars
• this is not true of external links- may be used
  only once in the web site
• even small web sites can have masses of external
  links

61
Web Site MaintenanceNeed for Link Verification

• the resources referenced by external links can be
  re/moved from the Internet
• this leads to a bad link occurring in your web
  site over which you have no control
• fortunately, there are link verification tools
  both freeware and commercial which can
  automatically test links in your web sites

62
Web Site MaintenanceLink Verification Tools

• suitable characteristics for link verification
  tools include
• should be able to check weblets (that is parts of
  your website), not just the entire web hierarchy
• should be able to cope with the situation where a
  valid URL points to a web site that is
  temporarily down, unresponsive, or slow
• ability to restart if interrupted

63
Further Reading

• Liu, C. Peek, J. Jones, R. Buus, B. and A. Nye
  (1994) Managing Internet Information Services
  Chapter 18 Setting Up a Web Server, OReilly
  Associates, Inc. 299-324
• Liu, C. Peek, J. Jones, R. Buus, B. and A. Nye
  (1994) Managing Internet Information Services
  Chapter 20 Web Gateways and Forms, OReilly
  Associates, Inc. 357-380
• Liu, C. Peek, J. Jones, R. Buus, B. and A. Nye
  (1994) Managing Internet Information Services
  Chapter 21 Web Access Control and Security,
  OReilly Associates, Inc. 381-390
• Berghel, H. (1996) HTML Compliance and the
  Return of the Test Pattern Communications of the
  ACM February 39 (2) 19-22 (Reading 22)

64

• Luotonen, A. (1998) Web Proxy Servers Prentice
  Hall PTR Web Infrastructure Series NJ Prentice
  Hall PTR
• Fournier, R. (1999) A Methodology for
  Client/Server and Web Application Development
  Yourdon Press Computing Series, NJ Yourdon
  Press, Prentice Hall
• Lodin, S. W. and C. L. Schuba (1998) Firewalls
  fend off invasions from the Net IEEE Spectrum
  February 1998, 35 (2), 26- 34 (Reading 24)
• Oppliger, R. (1997) Internet Security Firewalls
  and Beyond Communications of the ACM May 40 (5)
  92-102 (Reading 25)
• Wood, D. (1998) The Search for the Searcher Use
  second-rate search engine software and your users
  will avoid your Web site in droves Systems April
  1998, 58-67 (Reading 26)

65

• Anonymous (1998) Serving from the baseline APC
  Labs checks out entry-level Web servers from
  small-to-medium businesses APC Magazine April
  1998, 115-124 (Reading 27)
• Schwartz, R. L. (1999) Programming with Perl
  Step-by Step Link Verification Web Techniques 4
  (3) March 1999, 30-34
• Yeager, N. J. R. E. McGrath (1996) Web Server
  Technology The Advanced Guide for World Wide Web
  Information Providers San Francisco, California
  Morgan Kaufmann
• Holden, G. and M. Keller (1999) Apache Server for
  Windows Little Black Book Arizona Coriolis

66
Links

• Web Techniques www.webtechniques.co
• NewApps Software Archive http//www.newapps.com/ap
  pstopics/Win_95_HTML_and_Link_Verification_Tools.
  html
• Viable Software Alternatives- Alert LinkRunner
  http//viablesoftware.com/
• Tetranet Software- LinkBot Pro http//www.tetranet
  software.com/products/linkbot.htm
• Trellian- SiteMapper http//www.trellian.com/mappe
  r/
• Aman Software- CyberSpyder Link Test 2.1.5
  http//www.cyberspyder.com/cslnkts1.html
• Hausherr, Tilman- Xenu's Link Sleuth
  http//www.snafu.de/tilman/xenulink.html
• comp.lang.tcl Frequently Asked Questions (1998)
• http//www.cis.ohio-state.edu/hypertext/faq/usenet
  /tcl-faq/part1/faq-doc-2.html

67

• Bourne Shell (1994)
• http//garfield.ir.ucf.edu/manual/aix/bourne.html
• CGI Programming 101 (1997-1998)
• http//lightsphere.com/dev/class/
• Comprehensive Perl Archive Network (1998)
• http//ftp.digital.com/pub/plan/perl/CPAN/CPAN.htm
  l
• IPSec Online (1998)
• http//www.data.com/tutorials/bullet_online.html