SLAC HEPNT / HEPIX Meeting October DESY WindowsNT Web-Services Henner Bartels DESY WindowsNT Group

SLAC HEPNT / HEPIX Meeting October Abstract I will present the DESY WindowsNT solution for providing web services to our NT community. As an example for web-based computing an intranet application scenario displaying our NT domain management tools will be reviewed.

SLAC HEPNT / HEPIX Meeting October Topics of Discussion Motivations for implementing NT- based web-services Implementation of our IIS-cluster Application design considerations NT domain management scenario

SLAC HEPNT / HEPIX Meeting October Motivations for Implementing NT-based Web-services Demands of the WindowsNT group Requests of DESY groups End-user support

SLAC HEPNT / HEPIX Meeting October Demands of the WindowsNT Group Increasing demands for web-based, cross-platform capable computing  NT domain administration MS BackOffice family relies on services provided by IIS  Exchange, Office, WebDAV  MTS, MSMQ Simplified global collaboration and data exchange

SLAC HEPNT / HEPIX Meeting October Requests of DESY Groups Complex web sites needed without having to setup a dedicated web server None or minimal management overhead desired Server-side scripting (e.g. CGI, ASP) Access to other domain resources Secured and closed forums

SLAC HEPNT / HEPIX Meeting October Group Webs Group web spaces appear as sub- directories in the WindowsNT web Full server-side scripting support including Perl, VBScript and others Domain resources can be accessed using ActiveX, ADO, ADSI and MTS No management overhead No support for https (using NT ACLs)

SLAC HEPNT / HEPIX Meeting October End-User Support Personal web pages (e.g.  Available to users with Unix accounts  No solution for non-Unix users or those preferring to create content on NT without the hassle of file-transfer

SLAC HEPNT / HEPIX Meeting October Personal WebPages Now fully supported (e.g. desyntwww.desy.de/~hbartels) Web content located in the user home directory No server-side scripting (security!) No support for https (using NT ACLs) A platform-independent solution is still pending

SLAC HEPNT / HEPIX Meeting October Implementation of Our IIS-cluster Key requirements Server configuration Cluster setup Data flow Manageability Drawbacks

SLAC HEPNT / HEPIX Meeting October Key Requirements Scalable and robust solution Simple to manage Highly integrated with MS BackOffice Security using SSL, NTFS Content stored where user and group data are located Server-side scripting using WSH

SLAC HEPNT / HEPIX Meeting October Server Configuration Compatible industry PC equipped with:  Pentium II running at 350 MHz  256 MB RAM  2 IDE Disks (mirrored, < 1 GB used)  2 NICs (1 onboard / 1 PCI card) NT Enterprise Server, SP 5 IIS, Index Server, related Hot-Fixes Active State Perl

SLAC HEPNT / HEPIX Meeting October Cluster Considerations To provide service reliability clustering technologies are employed MS Cluster Server (Wolf Pack)  Fail-Over Server without load-balancing  Requires (expensive) hardware Windows Load Balancing Service  No Fail-Over  IP-based load-balancing (up to 32 nodes)  In case a node fails only those connections will have to reconnect

SLAC HEPNT / HEPIX Meeting October How WLBS Works Cluster NIC shares IP address and MAC on all nodes Handles Cluster traffic and inbound connections The dedicated NIC manages the established connections

SLAC HEPNT / HEPIX Meeting October Cluster Setup DFSFilesMTSNode Switch Hub

SLAC HEPNT / HEPIX Meeting October Data Flow Switch Hub DFSFilesMTSNode Client

SLAC HEPNT / HEPIX Meeting October Manageability Cluster nodes can be managed using MS Management Console Configuration changes have to be replicated using scripts (ADSI) Management of Group Webs will be implemented using a web interface  Setting / Removing IP restrictions  Enabling / Disabling HTTPS  Set directory access rights

SLAC HEPNT / HEPIX Meeting October Drawbacks IIS 4.0 is designed to store content on local disks  Some ISAPI filters (e.g..hqx) will not work properly  FrontPage Server extensions can not be used When using HTTPS connections no ACL check is performed, however delegation is properly handled

SLAC HEPNT / HEPIX Meeting October Application Design Considerations Supported clients Client requirements Maintaining state information Using XML / XSL

SLAC HEPNT / HEPIX Meeting October Supported Clients Netscape 3  Windows 3.11 (NICE) Netscape 4+  Standard Unix Browser Internet Explorer 4+  Standard(?) NT Browser  Internet Explorer 5 is expected to be the next standard viewer on NT

SLAC HEPNT / HEPIX Meeting October Client Requirements To provide a visually appealing and dynamic environment clients have to support: Frames At least JavaScript 1.1 Layers (used in some applications) No Plug-Ins No Java /ActiveX

SLAC HEPNT / HEPIX Meeting October Maintaining State Information Use of Cookies  Cookies are usually disabled Abuse URLs search part to communicate session state  Difficult to maintain with static pages  Interference when search part is used to transport queries or form data Use global JavaScript variables stored in top-level frame-set  JavaScript has to be enabled

SLAC HEPNT / HEPIX Meeting October Using XML / XSL XML data and accompanying DTDs are used to:  Provide data used in multiple pages  Store configuration information  Markup data displayed by scripts XML data is processed on the server XSL will be used to transform data for clients with disabled scripting engines

SLAC HEPNT / HEPIX Meeting October NT Domain Management Scenario DESY requirements Commercial solutions Application design Remote scripting object Live demonstration

SLAC HEPNT / HEPIX Meeting October DESY Requirements (I) Computer and user management at DESY is handled by three groups  User Consulting Office (UCO)  Group administrators  WindowsNT domain administrators Tasks and scope of authorization vary slightly  Changes of user properties  Removing a computer from the domain  Creation of new groups

SLAC HEPNT / HEPIX Meeting October DESY Requirements (II) Setting of license-, inventory- and other management information Most of these tasks require elevated privileges, however the number of staff with administrative rights must be small

SLAC HEPNT / HEPIX Meeting October Commercial Solutions Commercial solutions (e.g. TEM) are providing:  Fine-grained control over the various NT management options  NT based management clients They require time to setup and maintain proper configuration They do not come with a web-based client They can not be adopted to reflect site- specific or non-NT related tasks

SLAC HEPNT / HEPIX Meeting October Application Design We have implemented a framework that dynamically adopts to the privileges of the connecting user Different views exist for managing users, web configuration and miscellaneous tools Dynamic HTML, client and server-side scripting are providing an advanced and consistent user interface The DESY Scripting Host (DSH) is used to gather data and perform requested actions with the required privileges

SLAC HEPNT / HEPIX Meeting October Usage

SLAC HEPNT / HEPIX Meeting October Summary We have implemented an IIS-based web server using current clustering and load- balancing technologies We were able to show the availability of our solution by hosting multiple Group Webs over a period of several month Web-based applications have been successfully implemented and demonstrated no undesired behavior even after forcing cluster nodes to shut down

SLAC HEPNT / HEPIX Meeting October Next Steps Automation of cluster management Extending available tools Better modularization of components Migration to IIS 5.0 Support for WebDAV