hosting web sites on microsoft small business server 2000
TRANSCRIPT
1
Hosting Web Sites on Microsoft Small Business Server 2000
John Morello
Support Professional
Microsoft Corporation
2
What You Will Learn
How to use host headers and destination sets to host multiple Web sites
How ISA packet filters protect network security
How to configure ISA to publish protected services
3
Hosting Requirements
At least one static IP address for the Small Business Server (SBS) network
An upstream Internet connection of at least 128 Kbps
A server that meets SBS 2000 recommended requirements (500-MHz PIII processor with 256 MB of RAM)
4
Uniqueness of SBS Hosting Scenario
Firewall and Web server on the same physical server
Hosting Internet Security and Acceleration Server 2000 and Internet Information Services 5.0 on the same server requires additional configuration
5
Our Baseline Hosting Scenario
6
Installing Necessary Components
7
DNS Configuration Overview
Determine which server has SOA for the domain
Use NSLookup to verify that the server’s A record is correctly pointed to the IP of your SBS 2000 host
Any updates or new records must be made on the server that has SOA for the domain
8
Using NSLookup for SOA Verification
Microsoft Windows 2000 [Version 5.1.2465]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>nslookup
Default Server: server.nwtraders.local
Address: 192.168.16.2
> server dns1.isp.net
Default Server: dns1.isp.net
Address: 200.1.1.1
> set type=soa
> nwtraders.com
Server: dns1.isp.net
Address: 200.1.1.1
Non-authoritative answer:
nwtraders.com
        primary name server = dns1.isp.net
        responsible mail addr = admin
        serial = 2413717
        refresh = 900 (15 mins)
        retry = 600 (10 mins)
        expire = 86400 (1 day)
        default TTL = 3600 (1 hour)
dns1.isp.net internet address = 200.1.1.1
9
Using NSLookup for Host Verification
Microsoft Windows 2000 [Version 5.1.2465]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>nslookup
Default Server: server.nwtraders.local
Address: 192.168.16.2
> server dns1.isp.net
Default Server: dns1.isp.net
Address: 200.1.1.1
> www.nwtraders.com
Server: dns1.isp.net
Address: 200.1.1.1
Name: www.nwtraders.com
Address: 200.2.2.2
>
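The two checks from the DNS slides (which server holds the SOA, and whether the A record points at the SBS host), as an added Python example that is not part of the original presentation. It parses captured nslookup text like the sessions above; treating 200.2.2.2 as the SBS host's external IP and the function names are assumptions.

```python
import re

# Constructed input: abridged copies of the nslookup answers shown on the slides.
SOA_ANSWER = """\
Non-authoritative answer:
nwtraders.com
        primary name server = dns1.isp.net
        responsible mail addr = admin
        serial  = 2413717
dns1.isp.net    internet address = 200.1.1.1
"""
HOST_ANSWER = """\
Server:  dns1.isp.net
Address:  200.1.1.1

Name:    www.nwtraders.com
Address:  200.2.2.2
"""

def parse_soa(text):
    """Collect the indented 'key = value' SOA fields from an nslookup answer."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s+([A-Za-z ]+?)\s*=\s*(\S+)", line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields

def parse_host(text):
    """Return (name, address) of the answer, skipping the resolver's own Address line."""
    name = addr = None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Name":
            name = value.strip()
        elif key.strip() == "Address" and name is not None:
            addr = value.strip()
    return name, addr

def verify(soa_text, host_text, updating_on, expected_ip):
    """List problems: records edited on a non-SOA server, or A record not at the SBS host."""
    problems = []
    primary = parse_soa(soa_text).get("primary name server")
    if primary != updating_on:
        problems.append(f"SOA primary is {primary}, not {updating_on}")
    name, addr = parse_host(host_text)
    if addr != expected_ip:
        problems.append(f"{name} resolves to {addr}, expected {expected_ip}")
    return problems
```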
10
Basic TCP/IP Configuration of the Internal Adapter
IP address will be a non-routed address (by default SBS uses 192.168.16.2; private ranges include 10.0.0.0/8, 172.16.0.0-172.31.255.255/16, and 192.168.0.0/16)
Gateway should be left empty
DNS server should be pointed to the IP address of the adapter
11
Basic TCP/IP Configuration of the External Adapter
IP address, net mask, and gateway information will be provided by the ISP
Add only the IP of the internal adapter to the list of DNS servers
Remove (uncheck) all services and protocols, except QoS Packet Scheduler and TCP/IP
Disable NetBIOS, disable DNS registration
12
Configuring DNS Forwarders
If the Internet Connection Wizard has been run, DNS Forwarders should already be configured
Forwarders speed up name resolution for internal clients attempting to resolve external addresses
13
Adding DNS Forwarders
14
Determining Your Hosting Scenario
Hosting multiple Web sites?
Using host headers or unique IP addressing?
Content update methods
15
Assigning New Internal IP Addresses
16
Creating Webs Within IIS
17
Binding the Web Sites to the Appropriate IPs
18
Reconfiguring Incoming Web Request Listeners
19
Creating Destination Sets
20
Creating Web Publishing Rules
21
Packet Filters
22
Restarting ISA Services
23
Logical Flow of a Web Request
24
Logical Flow of a Web Request (2)
HTTP request
ISA Incoming Web Request listener grabs the request and forwards it to the Web Publishing rules
ISA Web Publishing rule (determines whether or not the rule is applicable by comparing host header to destination set)
IIS responds directly to Internet client
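The decision on this slide, as an added Python model (not part of the original presentation and not ISA Server code): the Host header is normalized and compared with each rule's destination set, and a request that matches no set is not forwarded to IIS. The set names, the internal IP addresses, the support.nwtraders.com host, the rule ordering and the normalization steps are assumptions.

```python
from typing import Optional

# Destination sets: name -> host names (constructed; nwtraders.com is the slides' domain).
DESTINATION_SETS = {
    "nwtraders-www": {"www.nwtraders.com", "nwtraders.com"},
    "nwtraders-support": {"support.nwtraders.com"},  # hypothetical second site
}

# Web publishing rules: destination set -> internal IP the IIS site is bound to.
PUBLISHING_RULES = [
    ("nwtraders-www", "192.168.16.3"),      # hypothetical internal addresses
    ("nwtraders-support", "192.168.16.4"),
]

def normalize_host(host_header: Optional[str]) -> Optional[str]:
    """Lower-case the Host header and drop any :port suffix and trailing dot."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):                # IPv6 literal such as [::1]:80
        return host.split("]")[0] + "]"
    host = host.split(":", 1)[0].rstrip(".")
    return host or None

def route_request(host_header: Optional[str]) -> Optional[str]:
    """Return the internal IP of the first applicable rule, or None when no rule applies."""
    host = normalize_host(host_header)
    if host is None:
        return None                         # no Host header: nothing to compare
    for set_name, internal_ip in PUBLISHING_RULES:
        if host in DESTINATION_SETS[set_name]:
            return internal_ip
    return None                             # e.g. a request addressed to the bare external IP

if __name__ == "__main__":
    for h in ["www.nwtraders.com", "WWW.NWTRADERS.COM:80", "200.2.2.2", None]:
        print(repr(h), "->", route_request(h))
```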
25
Tuning Your IIS 5.0 Web Site
Windows® 2000 Web and Application Services
http://microsoft.com/windows2000/technologies/web/default.asp
The Art and Science of Web Server Tuning with Internet Information Services 5.0
http://microsoft.com/windows2000/techinfo/administration/web/tuning.asp
Note that the URLs should be entered as one line; they are wrapped here for readability.
26
Basic IIS Security
File and directory access permissions are defined by the regular NTFS ACLs
Anonymous Internet users are represented by the IUSR_<servername> account
Windows 2000 exposes most common security configuration options with the Domain, Domain Controller, and Local Security Policy tools
27
Maintaining Your Security
Secure Internet Information Services 5 Checklist
http://microsoft.com/technet/security/iis5chk.asp
Windows 2000 IIS 5.0 Hotfix Checking Tool
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24168