1. IT:Network:Apps

2.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use

3.  Windows Components > Application Server ◦ ASP.NET (optional but lots of 3 rd party solns use it) ◦ IIS >  Common Files  IIS Manager  World Wide Web Service  Other stuff can be installed (SMTP server, FTP server)

4.  www.abccompany.local www.abccompany.local  DNS name  Update the abccompany.local zone ◦ www Address 172.17.6.10 ◦ www Alias mssrv01.abccompany.local

5.  IIS Manager > server > Web Sites > Default Web Site  Pretty much basic, functional web site ◦ Listens on Port 80 ◦ C:\InetPub\wwwroot\ ◦ Need to create the index.htm (and related) file(s)

6.  Properties of Site ◦ WebSite  IP address (All or specific)  Port(s) (NOTE: SSL is more than just listing port)  Logging/timeout ◦ HomeDirectory  Where find files  Could be redirection  Permissions (like share perms) ◦ Documents  What files to look for  index.html ???

7.  IP address/Domain Restrictions ◦ Who will we talk to? Who will we ignore ◦ Allow all – Exceptions.OR. Deny all – Exceptions  Authentication ◦ What users can see this site ◦ How authenticate them ◦ More in a bit  Secure Communications ◦ SSL ◦ More later

8.  www.abccompany.local  acct.abccompany.local  mktg.abccompany.local  How many servers do we need?

9.  New hardware for each “site”  New IP address for each “site”

10.  One box ◦ Big Disk/RAM ◦ Multiple IP addresses???  Web sites “Virtualized” inside physical server  Server must pick correct Virtual Server to access.

11.  Multiple IP addresses on Physical Server ◦ DNS for each Virtual Server points to different IP addr  acct.fencon.local  192.168.9.10  mktg.fencon.local  192.168.9.11 ◦ Configure Web site to pay attention to unique IP  192.168.9.10  acct site  192.168.9.11  mktg site  Need IP address for each virtual host!

12.  Single IP address on Physical Server ◦ All Virtual hosts use the same IP address ◦ Host header assigned to Virtual Server  When request comes in to physical server, it looks at the URL that was used (acct.abccompany.local vs mktg. abccompany.local)  Picks the correct virtual server based on the host headers  Only need one IP address!  Arguably the most common method

13.  For internal webs, we may only want access from INTERNAL addresses ◦ “You can see this, but only when you are at work”  site Properties > Directory Security > IP Address and Domain Restrictions  Set default behavior (Grant/Deny)  Set exceptions ◦ DENY All except 172.17.0.0/16

14.  By default anonymous access is allowed  Users group has ◦ Read/Execute ◦ List Folder Contents ◦ Read Permissions etc  Take away permissions and take away anonymous access  user must authenticate

15.  Site Props > Directory Security > Authentication & access control  Disable Anonymous  Pick Methods ◦ Integrated Windows auth  IE only (now firefox as well) ◦ Basic auth  password sent clear text!! ◦ Digest (only for domain users) ◦.NET

16.  Created multiple web sites inside a single web server  Restricted access by IP (where are you?)  Restricted access by user (who are you?)  Still need… ◦ Encryption (SSL) ◦ Nicer Content – Portals, etc