FTP Server Administration:

Setting, configuring, administration ftp server

We can configure the ftp settings at server level and so that new ftp site will get those.

Or we can do that things at site level

At server level, we have ftp settings

Ftp authentication

1. Anonymous authentication

2. Basic authentication

It is in disabled state… Enable it

Ftp authorization rules:

We can add rules to allow the users to access the particular resource

rule1: allow all the users for read

Ftp directory browsing:

You can check the directory browsing style in MS dos or Unix format

All this settings are done at server level

Create a new ftp site and give the path and give the bindings as all unassigned, port 21,no ssl

After creating site, we will get the server level configuration settings to site

we can create folder in ftp path directory by going to path, or we can done by adding virtual directory, both are same, and the difference can be known as some symbol appears on directories will differentiate.

Ftp messages: we can add some messages so that the users will see when they view the ftp site

Ftp request filtering:

You can add the file extensions so that only we come

ftp logging: same as like normal iis site logging

Ftp ipv4 address and site restrictions: here we can add the ip address that will be allowed or that will be denied

Ftp user isolation:

Isolate the users

Don’t isolate users, start users in

1. Ftp root directory: when users logged, they will be in root directory

2. User name directory: when user logged they will be in their directory, but they will see other directories

Isolated users, RESTRICT THE USERS TO THE FOLLOWING,

1. User name directory (disable global virtual directories)

2. User name physical directory (enable global virtual directories)

If you go isolate users, then choose 1st option

Regards,

Chaitanya

Extending the iis to give more functionality

ISAPI extensions

ISAPI filters

CHI and other extensions

Difference between extension and filters

Client sends the request to server, http listener identifies the website and sends the request to app pool and placed in the queue of the worker process

And worker process works on the request

Before worker process executes the request, filters will be executed

Filters are written in internet service application programming interface(ISAPI)

Filters take the request and will modify that one, and change the url

Here no processing is done… Filters will do the preprocessing the request and they can preview the result after that request is processed.

in case of request for static page, then iis need no help, it will take the page from disk and put it in memory and sends to client thru network

in case of dynamic pages, where php, asp.net code needs to be executed, then here extensions come into picture

When the php file is accessed, then iis loads the php extension and this extension will execute the script and give it back to iis and then iis will give to client

There can be loading of multiple extensions as it request are for of diff types

Filters is of isapi only

But extensions are of types

1. isapi

2.cgi

3. fast CGI

do any these configurations at server level

Go to iis and server, modules, all these are used for the iis to extend iis functionality

Handler mappings: here we can configure the extensions of IIS

Here we can have the handlers that handles the requests coming from clients

Here we can see the details

asp,cgi,handler mappings,fast cgi,modules,isapi filters,isapi and cgi restrictions, handler mappings

Regards,

Chaitanya

Application pools:

incoming requests are coming from web to network interface are listened by http listener in kernel mode, and it sees the site bindings table and sends the requests to app pools that associated with site and app pools have worker process that executes the request and sends the result back to client

App pools have min 1 WP and max is more than 1

One app pool can serves multiple websites or one app pool can work with one site

In task manager, in the processes tab, we have worker processes called w3wp.exe

App pools:

We have pipeline mode: integrated mode: better performance and better stability and it is modern one

It does not execute the code that runs under IIS 5 and below.

For that classic mode is used

It comes under basic settings

Recycling:

Generally developers did not write the good code so that application leaks memory

iis will consume more memory. so Microsoft decides to work with this type so that memory leakage will be reduced and performance will be increased

We have recycling settings

Fixed intervals:

1. Regular interval times (in minutes)

1740 (29 hours

)for every 29 hours WP kills itself and immediately new worker process created and it will serve the request for app pool

2. fixed no of request: 300– after every 300 requests worker process will be killed and new one will start

3. Specified time: if we specify time at that time the worker process will be killed and new one will be created

Memory based maxims:

1. Virtual memory usage: if put some memory length 10mb, if the worker process occupies more than that worker process will be killed

We can keep track of those things in the event log

Advanced settings of App pool:

queue length: 1000

WP executes the request one by 1… Requests are placed in the queue by the http listener that is in kernel mode.

Http listener then after 1000 request over then it gives the error service unavailable

Processor affinity mask: false

It should be false and cpu will decide the affinity

It is the hexadecimal mask that forces the worker process of the app pool to run on specific cpu

Identity: worker process used this identity to access the resources for the request

idle time out: worker process sits idle for 20 mins and after that it will be killed it self

Maximum worker process:

Max no of worker process used to handle the requests coming to IIS

If it is >1 then it is called web garden

Process orphaning: it is used for debugging. normally for developers

iis instead of killing the Worker process, it will continue, so developers will see the inform it will be increasing the memory

if it needs then only send the requests

Recycling:

Disabling the recycle for configuration: false

Generally, iis will read the new configuration after killing the worker process and whenever any changes done to configuration

Disabled overlapped recycle:

Generally, before creating new worker process, then iis will orphaned old one and created new worker process and load the data and after loading data then it kills new one

Regards,

Chaitanya

IIS 7.5 web server installation:

Go to Server manager in Server and it can connect to remote computers

After opening the server manager

Go to roles-> add roles

Check the iis web server windows feature

after that check the sub features what you want

After installation completed, check the futures in the server manager and iis web server and right click on the iis webserver and select add role services

her you got the list of sub features for the iis

under the web server

web server(Installed )

-> Common http features

->static content– non executable code like ads

->default document–when u go to microsoft.com u will go to microsoft.com/default.aspx i.e. called default document

-> Directory browsing: directory structure: most web sites not installed this.. if you don’t need this one… then don’t install it

->Http errors: we can place the custom errors page instead of 401 errors

->http redirection: redirect the url

->Web DAV(distributed authoring and versioning) publishing: used to send the files to web server using the http protocol… it is not recommended.

-> Application development– here executable code is placed

->asp.net– for this u need to have .net framework installed on server, for deploying the .net application

->.net extendibility: write the .net extensions

->asp- for ASP apps, we need to install, else no need

->CGI: use for web server extensibility. it is interface between IIS and programming languages, they used the CGI script. it is having performance issues

->ISAPI Extensions:

->ISAPI filters: ISAPI is faster than CGi and it is MS one

-> server side includes: dynamically inserting html pages to website pages before it sends to client, but asp,asp.net have this functionality default

And it is used when static content is used

Server side includes: is having some performance issues

-> Health and diagnostics– for troubleshooting the web site

->Http logging–it logs the web site activity in text file.. most of sites are using this one only.

->custom logging: it will logs based on programming done.. no need.

->odbc logging: it will log in the DB.

->logging tools: it will manage the web server logs and automate logging tasks

->Request monitor: it monitors websites health and performance. it have the details of http request inside the worker process

we can use the this monitor which http request is process is slow

->tracing: it is used for the diagnostic and trouble shoot the web apps.. with failed request tracing u can troubleshoot events like poor performance, authentication failures.

-> Security– most of them are for authentication

->basic authentication: it is used for internal networks ,not for the public networks, main disadv is the credentials(clear text) transferred over this is very easy to decrypt

if you website is not using the https…it is like getting the dialogue box and asking the credentials

->windows authentication: used for internal websites. for windows domain. don’t use it for users that are accessing the website beyond the firewalls or using the proxy servers

-> digest authentication: works by sending the password in hash format over windows controller domain , it will give more security that basic authentication for users that are accessing the website beyond the firewalls or using the proxy server

->client certificate mapping:: uses client certificates to authenticate users. client certificate is digital id from the trusted source

IIS offers 2 types of mapping: this type offers one to one certificate mapping across multiple web servers

-> IIS client certificate mapping: this one is more performance and IIS offers here one to one and many to one certificate mapping. If your website is not having authentication, no need of installing all the above authentications

-> URL authorizing : preventing the users from accessing the web content by binding the rules to the users, groups, http verbs

-> Request filtering: take all request and filer it based on rules set by administrator and send it to server

-> IP address and domain restrictions: used to set certain IP address only hit or certain IP address will not hit the server.

-> Performance:

->Static content compression: compressing the static web pages, so that CPU have more band width and iis will keep it in cache

->Dynamic content compression: not recommended

->Management tools:

->IIS management console

->IIS Management scripts and tools

->Management service: it should be installed so that other that server can be IIS web connected remotely and managed

-> IIS 6 Management compatibility:

-> IIS mat abase compatibility

->IIS 6 WMI compatibility

->IIS scripting tools

->IIS 6 management console

don’t login into server and manage the iis and manage it remotely

-> FTP server:

for windows server 2008 RTM, iis 7 has the ftp 6.0 version, after that they release ftp7.o version for iis 7.0

-> FTP service

-> FTP extensibility:

> IIS Hostable web core : it is the dll file used by application developers in their application

Installing IIS through script

http://technet.microsoft.com/en-us/library/cc771209.aspx

Regards,

Chaitanya