The next window is the Web Site Home Directory window Figure 26.6.The home directory is where the physical files of a Web site reside.. Allowing anonymous access will enable the users to
Trang 1Performing Common Management Tasks
First of all, let’s get familiar with the IIS Manager Console How can we start the IIS Manager? We can load the IIS Manager in the following ways
1 Go to Start | Administrative Tools | Internet Information Services (IIS) Manager
2 Go to My Computer | Manage Select and expand IIS Manager node.
IIS manager is the primary interface to handle all Internet-related functions We can set up Web sites,
Site Setup
We can set up Web and FTP sites using IIS Manager We can also configure SMTP and NNTP vir-tual servers using IIS Manager.The WWW, FTP, NNTP, and SMTP servers can be installed manu-ally or using scripts (unattended setup) Please follow these steps to install the components manumanu-ally:
1 Navigate to Start | Control Panel | Add Remove Programs.
2 Click the Add Remove Windows Component button.
3 Select the Application Server option from the Windows Component window, and then click Details.
4 Select IIS and click Details in the Application Server window.
5 Select the options you want to install (Web, NNTP, FTP, and SMTP)
6 Click OK and the installation process will begin.
7 You will be presented with a confirmation screen at the end of the installation process Let’s look closely on how to create and maintain Web, FTP, NNTP, and SMTP sites All these subjects will be discussed as a subsection from now on
Setting up a Web Site
All Web sites can be created and managed in IIS Manager.This is a wizard-driven example
Therefore, it is a simple task to create a Web site from scratch Let’s learn the process to create a Web site using IIS Manager
1 Start IIS Manager (refer to the previous section on Site Setup).
2 Navigate to Web Sites node and right-click it.
3 Select New then Web Site.You should get a screen similar to Figure 26.3 (You can also
create a Web site from XML file settings.This option is commonly used to create Web sites from a backup configuration In most case you will be using the wizard to create a new Web site.)
906 Chapter 26 • Managing Web Servers with IIS 6.0
301_BD_W2k3_26.qxd 5/14/04 9:52 AM Page 906
Trang 24 You will be greeted with the Welcome to the Web Site Creation Wizard Click Next
on this screen
5 In the Web Site Description window enter the Web site name We will create a Web site called “TestWebSite.”Then click Next.Your screen should be similar to Figure 26.4
6 The next screen will be the IP Address and Port Settings window Let’s assume my
Web site domain name is www.mytestwebsite.com and it runs on port 80 Put these details
under the Host Header (please refer to Hosting Multiple Web Sites in the next section for
further details) and TCP Post this Web site should use text boxes Let’s assume that we don’t assign a specific IP address for this Web site.Therefore, leave the Enter the IP address to use for this web site combo box with (All Unassigned) property (This is
the default value.) We will not be able to refer to the Web site by its IP address if we do not assign an IP address.This could be handy for intranet development We rely on Host Headers to find the site by selecting (All Unassigned) option We also don’t need to assign
Figure 26.3 Creating a New Web Site in IIS Manager
Figure 26.4 Entering the Web Site Name
Trang 3port 80 as the default port If any port is assigned other than port 80, then we need to change the URL to reflect that (For example, if we run www.mytestwebsite.com on port
100, we will use www.mytestwebsitecom:100 as the URL.) After all the values are entered,
please click Next.The screen should be similar to Figure 26.5.
7 The next window is the Web Site Home Directory window (Figure 26.6).The home
directory is where the physical files of a Web site reside All the content and executable files
are stored here
8 Enter the path to find the ASP.NET files that associate with the Web site In my example, the files are found at c:\inetpub\wwwroot\testWebSite directory.Therefore, when a user enters www.mytestwebsite.com, it will point to this directory Microsoft strongly
recom-mends that the home directory volume is an NTFS drive Please click the Browse button and navigate to that folder.The Allow anonymous access to this web site flag is
checked by default Allowing anonymous access will enable the users to navigate the site without authenticating themselves.This is not recommended for sites with sensitive
busi-ness information Please refer to the Configuring Authentication Settings section for further
details Click Next to navigate to the next window.
908 Chapter 26 • Managing Web Servers with IIS 6.0
Figure 26.5 Entering IP Address and Port Settings for a Web Site
Figure 26.6 Entering the Home Directory for a Web Site
301_BD_W2k3_26.qxd 5/14/04 9:52 AM Page 908
Trang 49 The next window is the Web Site Access Permissions screen.This is a very important screen We can configure the access to our Web site using this screen.The Read and Run scripts options are ticked by default.The Execute option refers to granting execute
per-mission for Dynamic Link Libraries (such as ISAPI DLLs or CGI applications) in IIS space Most of the business logic and interfaces to 3rd-party business models will be stored
as ISAPI DLLs or CGI Applications.Therefore we may need to enable Execute access to communicate with these entities.The Write option will enable the user of the Web site to
upload/write data into the Web site’s source directories (in this case,
c:\inetpub\www-root\testWebSite directory) Finally, the Browse option will enable directory browsing on the
Web site.This option will produce a complete directory information list (files and their attributes – size, last modified time stamp, etc.) when a user navigates to the directory
Therefore, we can get a complete file list using a Web browser interface.This is not widely recommended (Since it exposes all the files and interfaces to Web site users It will be a large security breach if Anonymous access is also enabled.) I have selected the default
options and the screen should be similar to Figure 26.7 Finally, click Next to finish the
creation of the Web site.You will get a window confirming your creation of the Web site
Setting up an FTP Server
The FTP site setup is similar to Web site setup Most of the setup has the same information as the Web site setup FTP site will enable the user to share data with others.The users can upload data or download data from our FTP site Let’s learn how to create an FTP site using IIS Manager
1 Open IIS Manager
2 Click the FTP sites, right-click and select New.
3 Select FTP Site from the context menu (You can also read the FTP site settings from an
XML configuration file.)
4 Click Next from the Welcome to the FTP site Creation Wizard.
Figure 26.7 Entering Access Permissions for a Web Site
Trang 55 Enter the FTP site name in the FTP Site Description window We will name our FTP site “TestFTPSite” and click Next.
6 Let’s enter the IP address and the port number for the Web site in the IP Address and Port Settingswindow.The default port number for an FTP site is 21.You can use a dif-ferent port number than 21 (Most corporate firewalls will open port 80 for Web and 21 for FTP access If you change the FTP port to another number, we need to reconfigure the firewall to let the traffic into the enterprise.The next step is to select the correct IP
address from the combo box We will use the default (All Unassigned) for our
demon-stration.You can also assign a dedicated IP address for the FTP site.The user will use this
IP address to access the FTP site (We are using the IP address of the IIS machine if we leave the (All Unassigned) option selected.) The screen should be similar to Figure 26.8
Click Next to navigate to the next window.
7 The next window is the FTP User Isolation window.This window will enable you to
configure the security settings for the FTP site.The user access for FTP server can be managed in several ways.The default setting is that every user has access to other user directories.This will not be a problem in many cases since a company FTP site will dis-tribute generic information regardless of the user (e.g., enable Beta product download to
the test users).The user will have access to all files if the user is authenticated In some
cases this model may not work We may need to give different users to access different
information We need to isolate users to different directories in this case FTP user isolation
prevents users from accessing the FTP home directory of another user on this FTP site
We can select the Isolate users to accommodate this scenario.This option uses NTFS
directory authentication to perform this task We can also go a step further by asking Active Directory to authenticate the user and assign an FTP home directory for the user
This can be configured using the Isolate the users using Active Directory option We can also use iisftp.vbs script to perform these functions at a command line with the /iso-lation switch.This will be discussed later in the chapter We will stick with the default and
click the Next button (Figure 26.9 shows the isolation options.)
910 Chapter 26 • Managing Web Servers with IIS 6.0
Figure 26.8 Entering IP Address and Port Numbers for an FTP Site
301_BD_W2k3_26.qxd 5/14/04 9:52 AM Page 910
Trang 68 The next window will enable you to enter a physical directory path where the FTP site refers We will put C:\Inetpub\ftproot\TestFTPSite as the physical directory for our FTP site.This directory will be exposed to the public access.Therefore, make sure the data in
this directory is not sensitive to the organization Click Next.
9 The Next window is FTP Site Access Permission window The default is just read access to users.You can also enable the Write access if the users need to upload files to the
server.This option can be helpful in some cases (for example, your sales team needs to upload sales data to the FTP server for the weekly accounting purposes).This option will enable users to upload malicious content to the server.Therefore, it is not recommend to
enable write access unless necessary.The screen should be similar to Figure 26.10 Click Nextand the FTP site creation process will be completed
Figure 26.9 FTP Site User Isolation Options
Figure 26.10 FTP Site Access Permissions Window
Trang 7Setting up an SMTP Server
We can also set up a virtual SMTP server using IIS Manager SMTP servers help IIS to deliver simple e-mail functionality to its Web sites E-mail delivery is a common task for Web sites We use e-mails to transmit business information or for administration purposes (e.g., e-mail error message to the system administrators) from our IIS components.Therefore, Microsoft included the SMTP server to be installed with IIS 6.0 SMTP server fully supports Simple Mail Transfer Protocol and is compatible with SMTP clients SMTP servers use Transport Layer Security (TLS) encryption to protect the e-mail information.The SMTP server will communicate with the Domain Name
System (DNS) to validate the recipient’s e-mail address.The sent e-mails are transferred to the drop directory.The SMTP server will transmit all the messages in the drop directory.Therefore, other non-IIS 6.0 applications can also send e-mail by putting the application messages in the drop direc-tory.The delivered e-mail will be picked up from a pickup directory Let’s learn the process to set
up an SMTP server
1 Start IIS Manager
2 Navigate to the correct computer and select Default SMTP Server.
3 Right-click and select New Then select Virtual Server.
4 Enter the SMTP site name in the New SMTP Virtual Server Wizard We will use
“TestSMTPServer” for our demonstration Click Next.You should have a screen similar to
Figure 26.11
5 Select the correct IP address settings from the Select IP Address window We will select 127.0.0.1 Click Next.
6 Select a home directory for the virtual server by using the Browse button of the Select a Home Directoryscreen We will refer to C:\Inetpub\mailroot\Mailbox for our home directory Non-IIS 6.0 applications can also use the SMTP server to send e-mail
Therefore, it is a good practice to have general access to the home directory (It shouldn’t have any restricted NTFS permissions on it It shouldn’t be an OS drive to make generic
mail access from other applications.) Click Next.
912 Chapter 26 • Managing Web Servers with IIS 6.0
Figure 26.11 Entering the Name of the SMTP Virtual Server
301_BD_W2k3_26.qxd 5/14/04 9:52 AM Page 912
Trang 87 Enter the domain name of the SMTP server at the Default Domain window and click Finish.You will get a message to confirm the creation of the server
Setting up an NNTP Server
The Network News Transfer Protocol (NNTP) server helps the IIS 6.0 server to facilitate discussion group functionalities.The IIS setup creates an NNTP server by default Let’s try to create a new NNTP server
1 Load IIS Manager
2 Navigate to the correct computer and select Default NNTP Server.
3 Right-click and select New Then select Virtual Server.
4 Enter the NNTP site name in the New NNTP Virtual Server Wizard We will use
“TestNNTPServer” for our demonstration Click Next.The screen should be very similar
to the initial SMTP screen
5 Select the correct IP address settings from the Select IP Address window We will select
127.0.0.1.You also need to provide a different port number for each NNTP server.The common port number associated with NNTP servers is 119.You can also use another port number We will use 1001 for this demonstration.You can also have multiple NNTP servers.The best practice is to use different IP addresses for each NNTP site If a lot of IP addresses are not available, then we can use multiple port numbers on a single IP address
Click Next The screen should be similar to Figure 26.12.
6 The Next screen will be to select a home directory for the NNTP virtual server We will
select C:\Inetpub\nntpfile\root as our home directory Click Next.
7 The next window is Select Storage Medium.This option will enable us to choose between File System and Remote Share.This is where the news messages are stored.
The File System option will enable the user to store the news content on the local
Figure 26.12 Entering IP Address and Port Numbers for NNTP Server
Trang 9machine.The Remote Share option will enable it to be stored remotely We need to
know the machine name and user details (i.e., user name and password details) in order to
store news content remotely We will select the default File System option.The screen should be similar to Figure 26.13 Click Next.
8 The next screen will enable you to define the physical directory in which the messages are
going to be stored Click the Browse button and navigate to the directory We will use C:\Inetpub\nntpfile\drop as our file system location Click Finish to create the NNTP
virtual server.You will get a message to confirm the creation of the server
Common Administrative Tasks
We have learned to install Web, FTP, NNTP, and SMTP servers Now we are in a stage to practice our knowledge and dive further into the IIS 6.0 world Let’s concentrate on learning some common administrative tasks now
Enabling Web Service Extensions
Web Service Extensions is a new feature in IIS 6.0.This utility will give a Control Panel-like function-ality on your IIS components We will be able to allow, prohibit, or change the properties using this tool.This will also enable you to add new IIS extensions (ISAPI applications and 3rd-party IIS tools) to
the IIS 6.0 server.You can also enable or disable All Web Service Extensions by using this
manage-ment console Here is a list of components the Web service extensions can enable or disable
■ ASP.NET executions
■ ASP executions
■ CGI and ISAPI Applications
■ Front Page Server Extensions 2000 and 2002
■ WebDAV support for IIS directories
914 Chapter 26 • Managing Web Servers with IIS 6.0
Figure 26.13 Selecting a File System for NNTP Server
301_BD_W2k3_26.qxd 5/14/04 9:52 AM Page 914
Trang 10We can get to the Web service extensions by using Start | Administrative Tools | IIS Manager and clicking on Web Server Extensions node on a selected server name Figure 26.14 is
similar to a default view of the Web service extensions window
Creating and Working with Virtual Directories Creating virtual directories is a simple task in IIS 6.0 A virtual directory is a reference to an existing
directory by a Web or FTP site We can get access to the subdirectories from a root Web or FTP directory Sometimes we need to go beyond the root directory access information to process a Web request We use virtual directories to remedy these scenarios (For example, we can store all the images file in a large shopping catalogue in one directory.Then we can point multiple Web servers to access this images directory as a virtual directory It will be low maintenance to modify one images directory.) The Web or FTP site will be able to refer to this directory as it exists within its directory structure (even if it physically exists out of its directory structure) One of the limitations will be the Web site deployment to a new server Because the virtual directory is not a physical subdirectory (under the home FTP or Web directory) we simply cannot copy and paste the files to the new server We also need to configure the virtual directories manually Here is the process to create a virtual directory for a Web site (The FTP server virtual directory creation process is very similar to this.)
1 Open IIS Manager
2 Select the server and right-click on the Web site.This will be the Default Web Site for
our demonstration purposes
3 Select New | Virtual Directory.The screen should be similar to Figure 26.15
Figure 26.14 Web Service Extensions View