IT:Network:Apps

 Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use

 Windows Components > Application Server ◦ ASP.NET (optional but lots of 3 rd party solns use it) ◦ IIS >  Common Files  IIS Manager  World Wide Web Service  Other stuff can be installed (SMTP server, FTP server)

  DNS name  Update the abccompany.local zone ◦ www Address ◦ www Alias mssrv01.abccompany.local

 IIS Manager > server > Web Sites > Default Web Site  Pretty much basic, functional web site ◦ Listens on Port 80 ◦ C:\InetPub\wwwroot\ ◦ Need to create the index.htm (and related) file(s)

 Properties of Site ◦ WebSite  IP address (All or specific)  Port(s) (NOTE: SSL is more than just listing port)  Logging/timeout ◦ HomeDirectory  Where find files  Could be redirection  Permissions (like share perms) ◦ Documents  What files to look for  index.html ???

 IP address/Domain Restrictions ◦ Who will we talk to? Who will we ignore ◦ Allow all – Exceptions.OR. Deny all – Exceptions  Authentication ◦ What users can see this site ◦ How authenticate them ◦ More in a bit  Secure Communications ◦ SSL ◦ More later

  acct.abccompany.local  mktg.abccompany.local  How many servers do we need?

 New hardware for each “site”  New IP address for each “site”

 One box ◦ Big Disk/RAM ◦ Multiple IP addresses???  Web sites “Virtualized” inside physical server  Server must pick correct Virtual Server to access.

 Multiple IP addresses on Physical Server ◦ DNS for each Virtual Server points to different IP addr  acct.fencon.local   mktg.fencon.local  ◦ Configure Web site to pay attention to unique IP   acct site   mktg site  Need IP address for each virtual host!

 Single IP address on Physical Server ◦ All Virtual hosts use the same IP address ◦ Host header assigned to Virtual Server  When request comes in to physical server, it looks at the URL that was used (acct.abccompany.local vs mktg. abccompany.local)  Picks the correct virtual server based on the host headers  Only need one IP address!  Arguably the most common method

 For internal webs, we may only want access from INTERNAL addresses ◦ “You can see this, but only when you are at work”  site Properties > Directory Security > IP Address and Domain Restrictions  Set default behavior (Grant/Deny)  Set exceptions ◦ DENY All except /16

 By default anonymous access is allowed  Users group has ◦ Read/Execute ◦ List Folder Contents ◦ Read Permissions etc  Take away permissions and take away anonymous access  user must authenticate

 Site Props > Directory Security > Authentication & access control  Disable Anonymous  Pick Methods ◦ Integrated Windows auth  IE only (now firefox as well) ◦ Basic auth  password sent clear text!! ◦ Digest (only for domain users) ◦.NET

 Created multiple web sites inside a single web server  Restricted access by IP (where are you?)  Restricted access by user (who are you?)  Still need… ◦ Encryption (SSL) ◦ Nicer Content – Portals, etc