Internet Information Services (IIS) 6.0 - PowerPoint PPT Presentation

Description:

... Inetinfo.exe, while the WWW service is hosted by the service host (Svchost.exe) ... Iisreset.exe is configured to run by default. 15.51 2004 Pearson ... – PowerPoint PPT presentation

Slides: 70
Provided by: ola4
Transcript and Presenter's Notes

1
(Skill 6)
Introducing Internet Information Services 6.0
  • Internet Information Services (IIS) 6.0
  • Web server for Windows Server 2003
  • Using IIS, you can publish Web pages and deploy
    scalable and reliable Web sites
  • Optionally installed components
  • Background Intelligent Transfer Service (BITS)
    server extension
  • Common IIS program files
  • File Transfer Protocol Service
  • FrontPage 2002 Server Extensions
  • Internet Information Services Manager
  • Internet Printing
  • NNTP Service
  • SMTP Service
  • World Wide Web Publishing Service

2
(Skill 6)
Introducing Internet Information Services 6.0 (2)
  • The IIS Admin Service (also referred to as the
    IIS metabase) is the parent process for all IIS
    services
  • When you stop the IIS Admin Service, all other
    services are also stopped
  • IIS Admin also supplies the interface that is
    used to administer IIS and all of its components
  • In IIS 6.0, the FTP, NNTP, and SMTP services as
    well as the IIS Admin service run in
    Inetinfo.exe, while the WWW service is hosted by
    the service host (Svchost.exe)

3
(Skill 6)
Introducing Internet Information Services 6.0 (3)
  • Features
  • Automatic restart: Will automatically restart in
    the event of a system failure or when a Web
    application becomes unavailable
  • Easy access to Web sites: Each Web site has a
    unique socket that consists of an IP address and
    a port number to identify it
  • Scalability: You can assign different ports, IP
    addresses, or host header names to each Web site
  • Bandwidth management: The network or Internet
    connection used by a Web server is generally also
    used by multiple services running on the server
    such as an e-mail service
  • Reliability: The newly designed
    request-processing architecture in IIS 6.0 allows
    Web-based applications to run in an environment
    in which they are protected from the malfunctions
    of other applications

4
(Skill 6)
Iisreset.exe is configured to run by default
Figure 15-35 The IIS Admin Service Properties
dialog box
5
(Skill 6)
You can assign different ports, IP addresses, or
host header names to each Web site so that you
can host multiple Web sites on the same Web
server
Figure 15-36 The Add/Edit Web Site Identification
dialog box
6
(Skill 6)
Introducing Internet Information Services 6.0 (4)
  • WebDAV (Web-based Distributed Authoring and
    Versioning)
  • Is an extension of the HTTP protocol that is used
    to access files on a Web server through an HTTP
    connection
  • The HTTP connection enables users to add, modify,
    and delete data from Web pages to facilitate Web
    page authoring

7
(Skill 6)
Used to limit the bandwidth used by IIS; if the
bandwidth approaches or exceeds this limit,
bandwidth throttling delays or rejects IIS service
requests until more bandwidth becomes available
Figure 15-37 The Performance tab in the Default
Web Site Properties dialog box
8
(Skill 6)
Figure 15-38 Configuring an Application Server
9
(Skill 6)
Figure 15-39 Installing dynamic content tools
10
(Skill 6)
Figure 15-40 Enabling additional dynamic content
tools
11
(Skill 7)
Examining IIS Configuration Changes
  • New accounts
  • The IUSR_<server_name> account is the account
    used for Anonymous access to the IIS server
  • The IWAM_<server_name> account is the user
    account used to start out-of-process applications
  • The IIS_WPG group account is the worker process
    group
  • New services (depending on components installed)
  • FTP Publishing service
  • Network News Transfer Protocol service
  • Simple Mail Transfer Protocol service
  • World Wide Web Publishing service
  • New folders
  • Inetpub
  • Inetsrv
  • Iishelp

12
(Skill 7)
Figure 15-41 IIS user and group accounts
13
(Skill 7)
Figure 15-42 The World Wide Web Publishing Service
14
(Skill 7)
Figure 15-43 Inetpub
15
(Skill 7)
Figure 15-44 The Inheritance Overrides dialog box
16
(Skill 8)
Managing IIS
  • Internet Information Services (IIS) Manager is
    the main management tool for your Web server
  • You can configure properties for an individual
    site or for all sites on the server
  • You can tune Web site performance based on the
    number of visitors expected per day
  • The default setting is to accept an unlimited
    number of connections
  • To conserve bandwidth, you can limit the number
    of connections

17
(Skill 8)
Managing IIS (2)
  • Security options and authentication methods
  • Integrated Windows authentication is the default
    selection
  • It uses either Kerberos or NTLM (also referred to
    as Windows NT Challenge/Response authentication)
  • In NTLM, the user name and password are hashed
    before they are sent
  • .NET Passport authentication method
  • A user can create a single sign-in name and
    passport to access numerous Web sites
  • The sites are configured to use the Passport
    single sign-on service (SSI)

18
(Skill 8)
Managing IIS (3)
  • Tabs in the Default Web Site Properties dialog
    box you can use to configure options
  • HTTP Headers
  • Custom Errors
  • Documents
  • Home Directory
  • ISAPI Filters

19
(Skill 8)
By default, the Enable Logging check box and W3C
Extended Log File Format are selected; this
includes logging for the Time Taken, Client IP
Address, Method, URI Stem, and HTTP Status fields
Figure 15-45 The Web Site tab
20
(Skill 8)
Use to limit the bandwidth of your Web server
You can limit the number of connections your IIS
server will accept in order to conserve bandwidth
and memory and to protect your Web server from
overload attacks
Figure 15-46 The Performance tab
21
(Skill 8)
Click to disable anonymous access or edit the
authentication method
Click to start the Web Server Certificate Wizard
Figure 15-47 The Directory Security tab
22
(Skill 8)
Clear to disable anonymous access
Select to have users' credentials sent as an MD5
message digest hash
Figure 15-48 The Authentication Methods dialog box
23
(Skill 8)
Figure 15-49 .NET Passport Authentication
24
(Skill 8)
Figure 15-50 The Deny Access dialog box
25
(Skill 8)
Figure 15-51 The HTTP Headers tab
26
(Skill 8)
Figure 15-52 The Content Ratings dialog box
27
(Skill 8)
Managing IIS (4)
  • IIS backups
  • Can be used to restore only the IIS
    configurations, not the content files or Registry
    settings
  • Create copies of the metabase configuration file
    (MetaBase.xml) and the metabase schema file
    (MBschema.xml)
  • The metabase files are stored in the folder
    systemroot\system32\inetsrv

28
(Skill 8)
Figure 15-53 The Custom Errors tab
29
(Skill 8)
Figure 15-54 The Edit Custom Error Properties
dialog box
30
(Skill 8)
Figure 15-55 The ISAPI Filters tab
31
(Skill 8)
Automatic Backups
Figure 15-56 The Configuration Backup/Restore
dialog box
32
(Skill 9)
Configuring IIS Security
  • You can use two types of permissions to control
    access to the resources on your Web server
  • Web permissions apply to all HTTP clients and
    determine the level of access to server resources
  • NTFS permissions detail the level of access
    individual users or groups can have for files and
    folders on the Web server
  • Auditing allows you to monitor Web site usage to
    maintain the security of the Web server and to
    track the activities users perform on the site

33
(Skill 9)
Use if the directory has no executable files so
the server will not run scripts or executable
files in the directory
Use if only scripts such as .asp files can run on
the server; the server will be able to execute
only the script types you have defined
Use when other types of executable files can run
on the server; the types of applications that can
be run will not be limited to the Application
Mappings list as they are for the Scripts only
permission
Figure 15-57 Setting Execute permissions
34
(Skill 9)
When you use the Scripts only Execute permission,
the server will be able to execute only those
script types you have defined on the Application
Mappings list
Figure 15-58 The Application Configuration dialog
box
35
(Skill 9)
Configuring IIS Security (2)
  • Certificates
  • In IIS, digital identification files called
    certificates can be used to authenticate both the
    client and the server
  • You use the Web Server Certificate Wizard to
    request certificates, apply certificates, and to
    remove them from a Web site
  • Client certificates: Optionally, part of the SSL
    Handshake Protocol can include client
    authentication to the server to validate users
    who are asking for data from your Web site
  • Client Certificate mapping: Another method is to
    map client certificates to Windows user accounts
    on the Web server

36
(Skill 9)
Figure 15-59 The Logging Properties dialog box
37
(Skill 9)
Figure 15-60 The Web Server Certificate Wizard
38
(Skill 9)
Figure 15-61 The location of SSL within the
TCP/IP Protocol suite
39
(Skill 9)
Figure 15-62 SSL Protocol layers
40
(Skill 9)
Figure 15-63 How SSL authenticates the server to
the client
41
(Skill 9)
Configuring IIS Security (3)
  • Encryption
  • Encryption is essential if sensitive data such as
    credit card information and personal data,
    including addresses and phone numbers, is being
    transmitted
  • The SSL 3.0 protocol is the basis for IIS
    encryption
  • The default secure communication settings for an
    IIS Web server require that the user's Web
    browser support a session key strength of 40 bits
    or above

42
(Skill 9)
This is the Windows Server 2003 default for SSL
secure communication sessions; users must have a
browser that supports a 128-bit session key in
order to create an encrypted channel with your
server
Figure 15-64 The Secure Communications dialog box
43
(Skill 9)
Click to select all of the child nodes and apply
the site setting to the directories
Figure 15-65 Allowing directory settings to
override Web site settings
44
(Skill 10)
Administering the Web Environment
  • IIS supports the hosting of multiple Web sites on
    a single Web server, so you can add new Web and
    FTP sites in addition to the defaults
  • By default, the home directory for the WWW
    service is systemroot\Inetpub\wwwroot
  • The default FTP service home directory is
    systemroot\InetPub\Ftproot
  • A virtual directory is used to make a directory
    appear to be within the home directory, when it
    really isn't

45
(Skill 10)
Figure 15-66 Default WWW service home directory
46
(Skill 10)
Figure 15-67 Default FTP service home directory
47
(Skill 10)
Figure 15-68 The Web Site Creation Wizard
48
(Skill 10)
Figure 15-69 The Web Site Description screen
49
(Skill 10)
Figure 15-70 The IP Address and Port Settings
screen
50
(Skill 10)
Figure 15-71 The Web Site Home Directory screen
51
(Skill 10)
Figure 15-72 Specifying the path to the virtual
directory
52
(Skill 10)
Figure 15-73 Setting Virtual Directory Access
Permissions
53
(Skill 10)
Figure 15-74 Viewing the new Web site
54
(Skill 10)
Administering the Web Environment (2)
  • The MetaBase.xml file is a text file that can be
    edited in any text editor such as Notepad
  • IIS 6.0 also includes new logging functionality,
    UTF-8 (Uniform Transformation Format-8-bit)
    logging
  • MIME types
  • MIME types are used to prevent attackers from
    sending malicious files
  • In IIS, only static files that have extensions on
    the MIME (Multipurpose Internet Mail Extensions)
    types list can be served to users
  • A default global list of MIME types is installed
    with IIS 6.0

55
(Skill 10)
Figure 15-75 Enabling Direct Metabase Edit
56
(Skill 10)
Figure 15-76 The metabase History folder
57
(Skill 10)
Figure 15-77 The MIME Types dialog box
58
(Skill 11)
Creating Application Pools
  • When you are running IIS 6.0 in worker process
    isolation mode, you can group Web applications
    into application pools
  • You can assign any Web directory or virtual
    directory to an application pool
  • Improves the efficiency of your IIS server
  • Ensures that other Web applications will not have
    their service interrupted when the applications
    in the new application pool stop
  • Guidelines for creating application pools
  • Create an application pool for each Web site
  • Configure a user account (process identity) for
    each application pool
  • Create a unique application pool for applications
    that you want to run with their own unique set of
    properties

59
(Skill 11)
Figure 15-78 The Add New Application Pool dialog
box
60
(Skill 11)
Figure 15-79 Assigning an application to an
application pool
61
(Skill 11)
Figure 15-80 The Identity tab on the Properties
dialog box for an application pool
62
(Skill 12)
Troubleshooting the Web Environment
  • IIS 6.0 has two modes
  • Worker process isolation mode
  • The default (and preferred) mode for IIS 6.0
  • Capable of separating applications into isolated
    pools
  • Identifies unhealthy processes, resources that
    are being overtaxed, and memory leaks
  • IIS 5.0 isolation mode
  • Should be used if you are running legacy Web
    applications that may not be compatible with
    worker process isolation mode
  • Not as secure as worker process isolation mode

63
(Skill 12)
IIS 6.0 runs in one of two modes: worker process
isolation mode or IIS 5.0 isolation mode, which
provides backward compatibility with older
applications
Figure 15-81 Running the WWW service in IIS 5.0
isolation mode
64
(Skill 12)
Figure 15-82 Changing IIS modes
65
(Skill 12)
Figure 15-83 Enabling Web service extensions
66
(Skill 12)
Troubleshooting the Web Environment (2)
  • IIS problems
  • Applications are denied access to resources
  • Users request dynamic content and receive error
    404
  • Users request static content and receive error
    404
  • The application session state is dropped by
    worker process recycling
  • Clients receive error 503 (Service Unavailable
    message)
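
The two 404 problems listed above can be told apart in the W3C Extended log described on the Web Site tab slide (Client IP Address, Method, URI Stem, HTTP Status, Time Taken). The Python script below is an added example, not part of the original presentation: the log lines are constructed, and it assumes the sc-substatus field has been enabled, where IIS 6.0 records 404.2 for a Web service extension that is not allowed and 404.3 for a file type missing from the MIME types list.

```python
from collections import Counter, defaultdict

# Constructed sample in W3C Extended Log File Format (not from a real server).
# Assumption: sc-substatus has been enabled in addition to the default fields.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus time-taken
2004-03-01 10:00:01 192.0.2.10 GET /default.htm 200 0 15
2004-03-01 10:00:05 192.0.2.10 GET /reports/list.asp 404 2 0
2004-03-01 10:00:09 192.0.2.10 GET /downloads/data.xyz 404 3 0
2004-03-01 10:02:11 198.51.100.7 GET /old/index.htm 404 0 0
2004-03-01 10:02:12 198.51.100.7 GET /backup/index.htm 404 0 0
2004-03-01 10:02:13 198.51.100.7 GET /temp/index.htm 404 0 0
2004-03-01 10:02:14 198.51.100.7 GET /trunc
"""

# IIS 6.0 sub-status codes that separate the two 404 cases on the slide.
CAUSES = {
    ("404", "2"): "dynamic content: Web service extension not enabled",
    ("404", "3"): "static content: extension missing from MIME types list",
}

def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # drop truncated lines
                yield dict(zip(fields, values))

def summarize(text, threshold=3):
    """Return (404 causes by count, clients with >= threshold distinct 404 URIs)."""
    causes, missing = Counter(), defaultdict(set)
    for rec in parse_w3c(text):
        key = (rec.get("sc-status"), rec.get("sc-substatus"))
        if key in CAUSES:
            causes[CAUSES[key]] += 1
        if rec.get("sc-status") == "404":
            missing[rec.get("c-ip")].add(rec.get("cs-uri-stem"))
    noisy = sorted(ip for ip, uris in missing.items() if len(uris) >= threshold)
    return dict(causes), noisy

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Because the parser reads the column layout from the `#Fields:` directive, it keeps working when an administrator selects a different set of logging fields.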

67
(Skill 12)
Clear to disable worker process recycling
Figure 15-84 Disabling worker process recycling
68
(Skill 12)
Figure 15-85 Increasing the application pool
queue length limit
69
(Skill 12)
Figure 15-86 Configuring rapid-fail protection