MS BackOffice Unleashed

• Overview of the Setup Process
• System Requirements
• Installation Procedure
• Configuration After Setup Is Complete
• Planning for Content
• Verifying a Successful Installation
• Issues and Cautions
• Summary

— 16 —

Setting Up IIS

With many products, there are a lot of tips and tricks that you can pass on regarding setup. There are a lot of places where you can go wrong and do things that you will regret later. Sometimes you are actually placing a fair amount of data at risk during the upgrade process and have to perform a set of careful backups before you even begin the upgrade process. This is not one of those products. The Internet Information Server is actually a part of the BackOffice installation process, and if you are not paying careful attention on the three screens or so that select this option and configure the product, you might not even notice that you have installed it.

It’s tough to argue with this situation. There are enough things that really require your attention. With all of this said, you may be wondering what you're going to learn in this chapter. There are a few things to look at that will ensure that you understand what your options are and that you get the best performance out of your Internet services.

Overview of the Setup Process

You have two basic starting points for setting up Internet Information Server. You can choose it as part of the NT 4.0 installation process, or you can add it as a network component after you have installed NT 4.0 or 3.51 (although IIS does not come as part of the NT 3.51 distribution). The basic process is the same in both cases. The key to this process is planning a few details up front and then plugging them into the appropriate boxes on the installation screens:

1. Plan the IIS configuration.
   
   
2. Prepare the system for installation.
   
   
3. Run the setup program.
   
   
4. Configure the installed servers.
   
   
5. Install the content for the servers.
   
   

The first step in the installation process involves planning your IIS configuration. Here, you have to decide which of the IIS components you are going to install and in which directories you will be storing your content for the IIS servers. These are the components from which you will be choosing when you install IIS:

• Internet service manager
  
  
• World Wide Web service
  
  
• Gopher service
  
  
• FTP service
  
  
• ODBC drivers and administration
  
  
• Help and sample files
  
  
• Microsoft Internet Explorer
  
  

As to your choice of directories for IIS, you have a few things to consider when making these decisions. First, you will have greater security for your server if you locate these relatively open directories on a partition that is formatted using NTFS. NTFS will even enable you to set security down at the directory and individual file levels if you want to ensure that certain portions of your Web site or FTP site are limited to a certain set of users. Another important consideration is balancing your input/output load for the disk drives. If your IIS site becomes popular, you will probably want to locate your files on drives that are used only lightly for other purposes.

Your next step is to prepare your system for installation. For this discussion, I will assume that you have worked out the details of getting NT Server installed and have worked out device drivers and so forth. There are a few other preparation steps that you should consider before you start the installation:

• You must install the TCP/IP protocol. Although many other NT network functions are designed to be protocol-independent, these Internet services are not. As part of this, you have to obtain an IP address or have a Dynamic Host Configuration Protocol (DHCP) server provide you with an address.
  
  
• If you are going to be connected to the Internet, you have to arrange the connectivity with your Internet Service Provider or whatever networking staff takes care of these details. These details include a registered IP address and a domain name by which you will be identified to remote computers using the Domain Name System (DNS).
  
  
• If you plan to provide services to the Internet community, you may want to look into the transmission capacity of your network card. A popular site can generate a lot of traffic that is beyond the capabilities of many of the network cards on the market, especially in the PC world.
  
  
• You may want to publish the IP address for this new server in one of the name lookup services that are available. The Windows Internet Names Service (WINS), Domain Name Service (DNS, which you can run under NT 4.0), or hosts files enable you to associate an easy to remember name (www. Microsoft.com, for example) with one of those long IP addresses. It is your call; however, I have found that people are really getting used to this convenience and might balk at typing the old IP addresses to connect to your server.
  
  
• You may also want to review the general security configuration of your server before installing IIS. An example of a good security measure is using NTFS on the drives to restrict access for the anonymous FTP and generic Web account to only the appropriate directories. You may also want to check your passwords to ensure that they have a reasonable complexity.
  
  
• You may also want to see whether you need to implement advanced security features, such as firewalls, proxy servers, and so forth, to keep your system safe[me]especially if you are letting users from the Internet in.
  
  
• You may want to use a dedicated network adapter for Internet services and bind only the network components that are needed for IIS on to this card.
  
  

The third step in the overall setup process is to run the IIS setup program. That will be covered in a little more detail in just a few sections. It should only take a couple of minutes if you have everything planned out and set up for this process. You go through a few screens that ask simple questions and you are done.

The next step in the setup process is to configure your servers. To allow IIS to adapt to a number of different environments ranging from small intranet servers to large Internet sites, Microsoft has built a number of configuration options that you can set as needed. They are relatively straightforward and, unlike tuning UNIX kernels, you are really not going to cause any great problems if it takes you a while to get the settings just right. An entire section later in this chapter is devoted to going through these settings.

The final step in the installation process is to add your content to the servers that you have installed. All these sites come with some very boring default Web pages and so forth. The key here is that you are ready to create the environment of each of your servers. It is a relatively simple authoring process using tools such as Microsoft FrontPage or one of its competitors. FTP sites are easy to build because all you have to do is set up directories and copy in the files (you might also want to set up some file access permissions if the need arises). Your site will be judged by the value of its content, so this is where you should really put your main emphasis.

System Requirements

The following are the installation requirements:

• A computer running the NT Server version 4.0 operating system.
  
  
• Adequate memory for the NT Server version 4.0 operating system. These applications are similar to file sharing on a local network and are therefore not memory-intensive unless you are planning to build a lot of server-based Web applications.
  
  
• Adequate disk storage space for the planned content of the Web pages, FTP server, and/or Gopher server.
  
  
• CD-ROM drive for installation.
  
  
• TCP/IP protocol installed.
  
  
• Unique IP address. Official domain name is optional.
  
  
• Network adapter card.
  
  

Installation Procedure

Typically, you will set up Internet Information Server as part of your Windows NT Server installation. You merely select the checkbox labeled Install Microsoft Internet Information Server when you are selecting network components during installation. If you did not install IIS at that time, however, you can install it by running the inetstp.exe file that is in the \inetsrv directory on the Windows NT Server CD-ROM. Either way, the basic installation steps are the same.

If you run IIS setup after NT Server installation, the first screen that you will see is your typical welcome screen for IIS. I suppose that this is just a tradition, and it also ensures that you are running the right installation process. Click the OK button to get to the real business at hand.

The first real task in the installation process is selecting which of the components of IIS to install. If you have carefully made your plans as described earlier in this section, you already know the answers to these questions. You will probably always want to install the Internet Service Manager, Help and Sample Files, and Microsoft Internet Explorer. The Internet Service Manager is your main tool for controlling the server processes related to IIS and enables you to configure all the details described in the next section. The Help and Sample Files do not take up that much space and provide useful templates when you are making your own Web pages. It is somewhat interesting that the help for IIS is actually in the form of a Web page, as shown in Figure 16.1. Finally, the Microsoft Internet Explorer will be useful when you want to test your Web server installations, and it also enables you to read the help files.

FIGURE 16.1. Help for Internet Information Server.

The ODBC drivers and administration section provides you with the capability of interfacing your Web server with a database. The current drivers supported in this option enable you to connect to Microsoft SQL Server. However, there are drivers available that enable you to connect to a number of common relational database management systems, such as Oracle. Note that in addition to installing the drivers, you need to configure a data source (a link to a specific database) using the ODBC tool that is located under Control Panel.

You also have to choose the directory in which you want the Internet Information Server software to be loaded. I would typically accept the default, because the IIS software is usually a relatively small amount of disk space, with content taking up the majority of the space. You can use the change button if you want. It will bring up a dialog that enables you to select a directory on your system in the traditional windows fashion. Once you click on OK, you will go to the next screen.

The next screen enables you to specify the publishing directories (that is, the location of your contents) for your servers. Note that you have the option of entering multiple directories (potentially on multiple disk drives) during the configuration process described in the next section. You specify the first directory for each of the servers. You will be prompted to create the service directories if they do not already exist.

The final general purpose setup task is to create the account that will be used for generic access to your IIS system. This account name has the format IUSR_computername where computername is the network name that you have set up for your computer. I call my test server tester, so the generic Internet account name is IUSR_TESTER. Almost all the access through the Web on the Internet uses a generic account such as this to provide access to the system. You will be asked to enter a password and confirm it. Once you complete the information and click on OK, the system will copy the Internet Information Server files from the CD to your hard disk drive. If you chose to install ODBC drivers, you will be prompted for which ones to install in another dialog box.

Finally, setup displays a completion dialog box. This is designed to let you know that everything has been done and you are ready to use IIS. All you have to do is to select the OK button. You now have a running Internet server.

Configuration After Setup Is Complete

Although your Internet server is now functional, there are a number of options that you might want to set to customize it for your needs. Many of these options are just personalization features. You can enter custom greetings that are displayed when users access your FTP server. Others are related to configuring your servers to the expected load sizes. They enable you to protect your server from having too many connections from the network and thereby causing an overload of your server. This section will go through the various configuration utilities that are available to you for Internet Information Server. These utilities are accessed through the Microsoft Internet Server startup menu shown in Figure 16.2.

FIGURE 16.2. Location of the Internet Information server controls.

There are a number of tools here that you might need to use. The first of these tools is the Internet Information Server Setup utility that is shown in Figure 16.3. This enables you to add or remove IIS components. You have the option of performing a complete reinstallation of the product. Finally, you can also remove the product from your system. Note that this affects the IIS software itself. If you wish to remove the content directories, you have to do that manually.

FIGURE 16.3. Internet Information Server Setup utility.

The next tool is probably the one that you will use most often when working to administer IIS. Figure 16.4 shows the basic display for the Internet Service Manager. This tool is used to both configure the properties of the servers and to control whether the servers are running. The basic display shows you the servers that you have installed and whether their services are currently running.

FIGURE 16.4. Internet Service Manager display.

The first task that you might want to perform using the Internet Service Manager is to connect to a server. By default, you will be connected to the Internet Information Server that is running on the computer on which you are working. You have the option through the connect icon or the File, Open menu selections of connecting to a remote IIS instance. Type the name of the computer in the Connect To Server dialog box, shown in Figure 16.5.

FIGURE 16.5. Connect To Server dialog box.

Your next task might be to start or stop one of the servers. To do this, highlight the server of interest with your mouse and use the toolbar buttons just as you would a VCR. The one that looks like a VCR stop button stops the instance, and the one that looks like a VCR play button starts it. Because most of these servers are based on answering requests that come in over the network, the shutdown and startup processes do not take very long.

Each of the servers also has a series of configuration options that you might want to set. The interface to set up these configurations is activated by clicking the right mouse button over the server of interest and then selecting the properties option from the menu that pops up. All configuration options are set using a series of tab dialog box properties sheets, as has become common with the Windows NT 4.0/Windows 95 interface. Figure 16.6 shows the properties pages that come up for the Web server.

FIGURE 16.6. WWW Service Properties page for the Web server.

The first tab dialog that you might want to work with contains the basic settings for the WWW service. Key elements of this dialog box are the following:

• Timeout. Determines the maximum amount of time that will be spent waiting for a remote computer to respond before it gives up.
  
  
• Maximum connections. Determines the maximum number of connections that the system will respond to on the Web. It is a tool that helps you prevent Web users from overloading your server.
  
  
• Anonymous logon. The user ID and password that would be used for traditional network browsers to access your system.
  
  
• Password authentication. Allow anonymous enables the logon ID specified in the previous bullet point. Basic clear text is the normal means of passing authentication information over the Internet. Windows NT Challenge/Response enables you to use standard Windows NT security mechanisms to establish the identity of the user requesting access to the Web.
  
  

The next page in this Properties tab dialog set controls the directories that contain the content for the Web. Figure 16.7 shows this dialog. As you can see, you are allowed to enter one or more directories that contain content. This is interesting because you can link directories together that appear to the user to be on the root level of the Web server or in a number of subdirectories under the root level of the Web server. The directory structure that appears to the Web user does not necessarily have any relation to that of the directories as they exist on your hard disk drives. This is a powerful means of controlling your structure and balancing your disk loads. Another important feature here is that you get to set the default document for your Web server. This is the HTML document that is displayed when a user enters your server name in the address box, but does not specify a specific page. Default.htm is the default here, but you might want to change it to index.htm or index.html, which is what you may have authored for most of the other Web servers that are available. There is also a checkbox that disables directory browsing (which is just what it sounds like). You can expose entire file systems to unwanted eyes, not just the directories of your Web server.

---

Unless you can think of a good reason why users need to have directory browsing capabilities, I would recommend disabling it.

---

FIGURE 16.7. Web Directories dialog box.

The next properties that you might want to set up for your new Web server are logging properties, as shown in Figure 16.8. You will probably want to keep logs showing activity on your Web for later analysis. You have two options for logging. The basic option is to use system text files to record activity. You can have these files started on regular basis (daily, for example). This log cycling prevents you from having to look through a single very large file to find a particular date. You could also store this information in a database that you connect to using ODBC. The advantage of using the database is that you can use report writing and other analytical tools to provide reports off your logging data.

FIGURE 16.8. Logging Properties dialog box.

The final properties page for the Web server enables you to place some finer controls over the access provided to your server. Figure 16.9 shows the Advanced Dialog. Here you can grant free access to your Web server (which is the default), or you can grant or deny access to a specific list of computers (by IP address) that you enter. This way you can control access only to your group or filter out groups of IP addresses that belong to competitors or other people that you want to keep out. Finally, you can use this screen to set a limit on the maximum data transfer rate that would be devoted to all your IIS needs. This is another tool to prevent the popularity of your Web site from dragging your server to its knees.

FIGURE 16.9. Advanced dialog box.

The tab dialog boxes that enable you to set properties for the other two IIS servers are generally similar to those used for the Web server. Let's look at those that have some significant differences. The only dialog that has a significant difference for the Gopher server is the Service dialog box, which is shown in Figure 16.10. The key difference here is that you have both an anonymous logon account and a service administrator (which is by default the system administrator account but does not have to be). Remember, if you have used the NTFS file system, you can set access permissions for files and directories in the Gopher directories to control access to information based on the logon account used to access the server (that is, anonymous logons get most of the material, but some sensitive stuff is restricted to users whom you specify).

FIGURE 16.10. Gopher Service Properties page.

There are two properties pages for the FTP server that merit some comments. Figure 16.11 shows the Service Properties page for the FTP Server. Much like the Gopher server, you have the option of setting accounts for both the administrator and anonymous user. Remember that you do not have to allow anonymous access if you do not want to. Note that your electronic mail address is provided for the administrator. Many FTP utilities are designed to enable users to communicate with the administrators of the FTP servers, much like a send mail to tag is used on a Web page.

FIGURE 16.11. FTP Service Properties page.

The second properties page of interest for the FTP server is the Messages properties page. Figure 16.12 shows you this page. You enter three different types of messages for your users. The first is the message with which they will be greeted when they first connect to the FTP site. The second message will be presented to them when they choose to quit from your site. The third message will be displayed when there are already too many users connected to your FTP site (as determined by the maximum number of connections properties that you have set on the previous properties page). Some people spend a great deal of time creating messages that comply with regulations and disclaimers. Others do not have any messages at all. This is about your only vehicle to communicate with your FTP clients.

FIGURE 16.12. FTP Messages Properties page.

The next utility that you might want to access related to IIS is relatively new. Figure 16.13 shows the Key Manager Utility. This is a utility that enables you to use the Secure Sockets Layer (SSL) standard to provide secure Web data transmissions over the network. You have to have a machine on the other side that supports this protocol. The Key Manager enables you to identify who you are through a key issued by a certification authority. You use the Key Manager to general a request file that you can send to the certification authority. This authority will send you a certificate (which is a long string of cryptographic key numbers) that will identify you and enable you to use SSL. Once you receive the certificate, you can activate that security on one or more specific Web directories (that is, you do not have to do your entire site). If you activate this security, only clients who have SSL certificates can use the specified Web directories. You can use Internet Service Manager to enable or disable SSL security.

FIGURE 16.13. Key Manager utility.

A final tool that can be useful when setting up your Web site is the Services tool located under Control Panel (see Figure 16.14). There are two basic tasks that you perform here. The first is starting or stopping the services associated with the specific Internet services from here just as you would under the Internet Service Manager. You can also start and stop these processes from the DOS command line using the net start servicename command. This can come in handy when you want to control Internet servers using batch files and the at utility. The second property that you control using the Services tool is whether the service is started automatically or manually. You usually start your Internet servers automatically on system startup, but you do not have to do this.

FIGURE 16.14. Services tool under Control Panel.

There are actually quite a number of options that you can set related to your IIS servers. A good question at this point would be what settings should you use for your installation? Unfortunately, that depends on the capacity of your system, the other functions that your server is asked to perform, and the types of access that you are providing. Start with the default settings provided for all the security and tuning parameters. Then monitor your system as discussed in Chapter 12, "Windows NT Performance Tuning," to see whether you have performance issues. If your server is being overloaded, you can start lowering the tuning parameters until you are working within the capacity of your system. It would be nice if I could display a chart that gave you an easy answer, but there are too many performance variables that interact with one another to make any such chart meaningful.

Planning for Content

So far, you have explored the operating system services and tools that are used to run your Internet servers. In spite of all the screens discussed, IIS is actually a relatively simple product to set up and keep going from a system administrator perspective. I have had working Web servers where I just ran the setup utility and never touched any of the configuration options. This light load on the system administration side can free you up to do something that is far more interesting—develop your server content.

FTP and Gopher servers are really just collections of files (although Gopher supports links and a few more advanced concepts). You will typically only concern yourself with building a hierarchy of directories so that it is easy for people to find the files in which they are interested. You should probably consider keeping the amount of files in any given directory to a reasonable number (under 50), because it can be a real pain to scroll through a directory with hundreds of files trying to find the one that you want. Other than that, all I can suggest is that you build a hierarchy of directories that will make sense to your intended audience (how they would think of classifying things).

The Web is an entirely different animal. It can be as simple as a single default Web page with just a little bit of text, or it can be a complex system of HTML pages, graphics, animations, sounds, applications, and even databases. In order to set up the directories and options that will be needed to support the content that you will be providing, a little content planning is needed. You really need to do draw a picture of the pages that you will want to present and any associated applications, graphics, and so forth. Some Web authoring tools, such as FrontPage, have an Explorer view that enables you to see the links between pages (see Figure 16.15). Once you have this picture, you can start planning your Web directories, estimating sizes, and so forth.

FIGURE 16.15. FrontPage Explorer.

Verifying a Successful Installation

Although I have found the IIS installation process to be completely reliable and easy, the only way to know for sure is to test the system. To do this, you need to have some content in the appropriate directories for your Internet servers and have the servers themselves running. You should then use the appropriate tools from both the server itself and some client workstations to verify that you can work with the content files. Cruise through a series of Web pages and actually upload/download files from FTP to make sure that all the security permissions are set properly, links defined correctly, and so forth. It is always better if you find the problems rather than having your users find them.

Issues and Cautions

Before finishing this chapter, here are some ideas to consider when working with IIS:

• Different Web servers and authoring tools use different extensions for Web pages. Depending on whether they are trying to accommodate the old DOS 8.3 naming convention, they will typically use either an htm or an html extension. You need to be sensitive to this when specifying links and URLs.
  
  
• Many Web servers use a default page of index.html. You can configure the name of the default Web page in IIS, but it will usually be default.htm. You may have to change this if you have a whole Web system authored for another Web server that you want to bring up under IIS.
  
  
• If you want to secure some files, but not others, from specific groups of users under the IIS content directories, you have to places these files on NTFS drives. The traditional FAT file system has no security mechanisms built into it.
  
  
• If you are connected to the Internet or even a large intranet, you really need to pay attention to performance monitoring as outlined in Chapter 12. I have seen a number of sites get swamped when they contain popular Web sites. I have even seen the administrators kick the more popular sites off their systems to keep the load level reasonable.
  
  
• If you are going to allow uploads to your system, you might want to consider implementing an automated virus scanning system. It is really easy to spread computer infections with a popular file transfer site.
  
  
• Massive file downloads can be the greatest burden on many Internet sites. It may take a while for a Web page with graphics to display on a screen, but I have seen file downloads that can take up to an hour. You may want to control the number of file downloads or the times that they are permitted by automatically swapping in Web pages that restrict downloads during busy periods. If you want to get really clever, you can cause these swapping programs to be run automatically when you exceed a certain limit using the NT Performance Monitor.
  
  

Finally, if you want any real security, you have to get familiar with SSL and some of the new standards that are just coming into commercial reality. If your transmissions are not secure, you are setting yourself up for all kinds of trouble. Be aware, though, that these wonderful security mechanisms place restrictions on access to your pages (that is, the client has to have these mechanisms installed to access your information).

Summary

This chapter presented the installation and configuration options for the Internet Information Server product. It is actually quite simple to get working. You have a number of tuning and personalization options that you can set. The default settings work quite well in the vast majority of situations, so tuning is needed only if you have a particularly large or popular site.