The Windows® 2000 Server operating system integrates Internet
technologies across all services, from File and Print to advanced
line-of-business application services. This helps ensure organizations
can more effectively exchange information with customers, partners, and
employees worldwide.
Windows 2000 Server meets the needs of a broad spectrum of
users, from corporate intranets to Internet Service Providers hosting
Web sites receiving millions of hits per day. Because Internet
Information Server (IIS) is fully integrated at the operating system
level, Windows 2000 Server lets organizations add Internet capabilities
that weave directly into the rest of their computing infrastructure.
Specifically, Windows 2000 Server lets organizations:
- Share information more efficiently using the Web. In the past, performing standard file operations on a network file share was much easier than performing similar operations on a remote Web site. Now, Windows 2000 Server technologies such as Web Distributed Authoring and Versioning (WebDAV) make it as easy to carry out standard file operations on a Web share.
- Create Web-based business applications. Creating Web-based applications that integrate well into traditional business applications can be difficult. Windows 2000 Server overcomes this burden by sharing Internet-aware application development tools with IIS, an efficiency that extends applications to the Web and eliminates awkward bridges between internal and external processes.
- Bring server operating system functionality to the Web. In addition to allowing organizations to extend basic file and print services to the Web, Windows 2000 Server supports applications, media, and communications and networking services from a common server platform. This convergence means that everything a company can do with Windows 2000 Server is automatically supported in a fully integrated Web environment.
Sharing Information
| Feature | Description |
| --- | --- |
| Support for Web Distributed Authoring and Versioning (WebDAV) | WebDAV is an Internet standard that lets multiple people collaborate on a document using an Internet-based shared file system. It addresses issues such as file access permissions, offline editing, file integrity, and conflict resolution when competing changes are made to a document. WebDAV expands an organization's infrastructure by using the Internet as the central location for storing shared files. |
| Web Folders | Support for Web Folders lets users navigate to a WebDAV-compliant server and view the content as if it were part of the same namespace as the local system. Users can drag and drop files, retrieve or modify file property information, and perform other file system-related tasks. Web Folders let users maintain a consistent look and feel between navigating the local file system, a networked drive, and an Internet Web site. |
| Support for FrontPage Server Extensions | Windows 2000 Server lets administrators use Microsoft FrontPage Web authoring and management features to deploy and manage Web sites. With FrontPage Server Extensions, administrators can view and manage a Web site in a graphical interface, so creating Web sites with the FrontPage Web site creation and management tool is as easy as clicking a check box on a property page for the Web site. In addition, authors can create, edit, and post Web pages to IIS remotely. |
| Support for Latest Internet Standards | Using the integrated Web services in Windows 2000 Server, organizations can take advantage of the latest Internet standards to publish and share information over the Web. Microsoft Internet Information Services (IIS) 5.0 complies with the HTTP 1.1 standard, including features such as PUT and DELETE, the ability to customize HTTP error messages, and support for custom HTTP headers. Support for the latest protocols provides optimum performance for Web server connections. |
| Support for Multiple Sites with One IP Address | With support for host headers, an organization can host multiple Web sites on a single computer running Microsoft Windows 2000 Server with only one Internet Protocol (IP) address. This lets Internet service providers (ISPs) and corporate intranets host multiple Web sites on a single server while offering separate user domains for each site. |
| News and Mail | Administrators can use Simple Mail Transfer Protocol (SMTP) and Network News Transport Protocol (NNTP) Services to set up intranet mail and news services that work in conjunction with IIS. SMTP is a commonly used protocol for sending e-mail messages between servers; NNTP is the protocol used to post, distribute, and retrieve USENET messages. |
| PICS Ratings | Administrators can apply Platform for Internet Content Selection (PICS) ratings to sites that contain content for mature audiences. This lets them host a variety of sites and provide information about suitability for particular audiences. |
| HTTP Compression | HTTP compression allows faster transmission of pages between the Web server and compression-enabled clients. This is useful in situations where bandwidth is limited. |
| File Transfer Protocol (FTP) and FTP Restart | The File Transfer Protocol (FTP) service, used to publish information to a Web server, is integrated into Windows 2000 Server. FTP Restart provides a faster, smoother way to download information from the Internet. Now, if an interruption occurs during data transfer from an FTP site, a download can be resumed without having to download the entire file over again. |
Creating Web-Based Applications
| Feature | Description |
| --- | --- |
| Active Server Pages | Microsoft Active Server Pages (ASP) lets developers use server-side scripting and components to create browser-independent dynamic content. ASP provides an easy-to-use alternative to Common Gateway Interface (CGI) and Internet Server Application Program Interface (ISAPI) by letting content developers embed any scripting language or server component into their HTML pages. ASP pages provide standards-based database connectivity and the ability to customize content for different browsers. ASP also provides error-handling capabilities for Web-based applications. |
| Performance-enhanced Objects | ASP provides performance-enhanced versions of its popular installable components. These objects scale reliably in a wide range of Web application environments. |
| XML Integration | Just as HTML lets developers describe the format of a Web document, Extensible Markup Language (XML) lets them describe complex data structures. Developers can share this information across a variety of applications, clients, and servers. Using the new Microsoft XML Parser, developers can create applications that enable their Web server to exchange XML-formatted data with both Microsoft Internet Explorer and any server capable of parsing XML. |
| Windows Script Components | ASP supports the new scripting technology, Windows Script Components. This lets developers turn business logic script procedures into reusable COM components for Web applications and other COM-compliant programs. |
| Browser Capabilities Component | ASP has a new feature for determining the exact capabilities of a browser. When a browser sends a cookie describing its capabilities (such a cookie can be installed by using a simple client-side script), developers can create an instance of the Browser Capabilities Component that retrieves the browser's properties as returned by the cookie. Developers can use this feature to discover a browser's capabilities and adjust an application accordingly. |
| ASP Self-Tuning | ASP now senses when executing requests are blocked by external resources and automatically provides more threads to simultaneously execute additional requests while continuing processing. If the CPU becomes overburdened, ASP curtails the number of threads in order to reduce the constant switching that occurs when too many non-blocking requests are executing simultaneously. |
| Encoded ASP Scripts | Traditionally, Web developers have been unable to prevent others from reading their scripting code. ASP now supports a new script encoding utility provided with Microsoft Visual Basic Scripting Edition (VBScript) and Microsoft JScript 5.0. Web developers can apply an encoding scheme to both client and server-side scripts that makes the programmatic logic unreadable. When unencoded, the logic appears in standard ASCII characters. Encoded scripts are decoded at run time by the script engine, so there's no need for a separate utility. Although this feature is not intended as a secure, encrypted solution, it can prevent most casual users from browsing or copying scripts. |
| Application Protection | IIS 5.0 offers improved protection and increased reliability for Web applications. By default, IIS runs all applications in a common or pooled process that is separate from core IIS processes. In addition, administrators can still isolate mission-critical applications that should be run outside of both core IIS and pooled processes. |
| ADSI 2.0 | Administrators and application developers can add custom objects, properties, and methods to the existing Active Directory Service Interfaces (ADSI) provider, giving administrators more flexibility in configuring sites. ADSI is a COM-based directory service model that lets ADSI-compliant client applications access a wide variety of distinct directory protocols, including Windows Directory Services and Lightweight Directory Access Protocol (LDAP), while using a single, standard set of interfaces. ADSI shields the client application from the implementation and operational details of the underlying data store or protocol. |
Bringing Server Operating System Functionality to the Web
| Feature | Description |
| --- | --- |
| Multisite Hosting | Often Web sites for several departments can run on a single server, freeing a company from spending the time and money to set up and manage multiple servers. Windows 2000 Server offers a comprehensive platform for hosting multiple Web sites on a single server. In addition, the multisite hosting capability in Windows 2000 Server lets ISPs host Web sites that can scale from hosting thousands of small sites on a single server to hosting a great number of sites across multiple servers. |
| Multiple User Domains | The integration between the Web servers and directory services (the Active Directory) in Windows 2000 Server lets organizations host multiple Web sites with independent user domains; that is, each Web site on a single server has its own user database. |
| User Management Delegation | This lets an IT or ISP administrator who hosts multiple Web sites on a single server delegate the day-to-day management of the Web site. |
| Process Throttling | This lets administrators limit the amount of CPU time a Web application or site can use during a predetermined period of time to ensure that processor time is available to other Web sites or to non-Web applications. |
| Per Web Site Bandwidth Throttling | This lets administrators regulate the amount of server bandwidth each site uses. This lets an ISP, for example, guarantee a predetermined amount of bandwidth to each site. |
| Integrated Setup & Upgrade | Internet Information Server (IIS) 5.0 installs as a networking service of Windows 2000 Server. Customers with any existing version of Windows NT Server 3.51 or 4.0 will automatically be upgraded to the new Web services in Windows 2000 Server and can take advantage of the new features and services of Windows 2000 Server and IIS. |
| Microsoft Management Console (MMC) Task Pad | The MMC task pad considerably simplifies the administration of an IIS server. For example, if a user selects a server under the IIS MMC snap-in, the task pad will display wizards for creating new Web and FTP sites. Administrators simply select the task they want to complete, and a wizard walks them through the steps. |
| Dfs as Filing System for IIS | You can use Microsoft Dfs as the filing system for IIS by selecting the root for the Web site as a Dfs root. Doing so lets you move resources within the Dfs tree without affecting any HTML links. (Windows Media Services content can also be stored in the Dfs tree.) |
| Improved Command-line Administration Scripts | IIS ships with scripts that can be executed from the command line to automate the management of common Web server tasks. Administrators can create custom scripts that automate the management of IIS. |
| Reliable IIS Restart | Users can stop and restart all Internet services from within the IIS MMC snap-in, which makes it unnecessary to restart the computer when applications become unavailable. |
| Backing Up and Restoring IIS | Administrators can back up and save metabase settings to make it easy to return to a safe, known state. (A metabase is the structure for storing IIS configuration settings; the metabase performs some of the same functions as the system registry, but uses less disk space.) |
| Process Accounting | Process Accounting, which is enabled and customized on a per-site basis, lets administrators monitor and log how Web sites use CPU resources on the server. Both system administrators and application developers can use this feature to determine CPU utilization. Internet service providers (ISPs) can use this information to determine which sites are using disproportionately high CPU resources or may have malfunctioning scripts or Common Gateway Interface (CGI) processes. IT managers can use this information to charge back the cost of hosting a Web site and/or application to the appropriate division within a company. |
| Improved Custom Error Messages | Administrators can now send informative messages to clients when HTTP or ASP errors occur on their Web sites. They can use the custom errors that IIS 5.0 provides or create their own. |
| Configuration Options | Administrators can set permissions for read, write, execute, script, and FrontPage Web operations at the site, directory, or file level. |
| Remote Administration | IIS 5.0 has Web-based administration tools that allow remote management of a server from almost any browser on any platform. With IIS 5.0, administrators can set up administration accounts called Operators with limited administration privileges on Web sites, to help distribute administrative tasks. |
| Terminal Services | The Terminal Services support in Windows 2000 Server lets administrators remotely administer IIS by using the Microsoft Management Console (MMC) over a dial-up or PPTP connection. To do this, the Terminal Services client must be installed on client computers. |
| Centralized Administration | Administrators can use the MMC snap-in for IIS from a computer running Windows 2000 Professional to administer a computer on their intranet running Internet Information Services on Windows 2000 Server. |
Securing Web Services
| Feature | Description |
| --- | --- |
| Integrated Web Security | The Windows 2000 Server Web services are fully integrated with the Kerberos security infrastructure. The Kerberos Version 5 authentication protocol, which provides fast, single logon to Windows 2000 Server, replaces NTLM as the primary security protocol for access to resources within or across Windows 2000 domains. Users can securely authenticate themselves to a Windows 2000 Server Web site and will not have to undergo a separate authentication (logon) to use other resources. In addition, Windows 2000 Server now also supports the following standard authentication protocols, which are applicable to Web-based users and ordinary network users alike: Digest Authentication, the latest authentication standard of the World Wide Web Consortium (W3C), the organization that sets standards for the Web and HTML; Server-Gated Cryptography (SGC), used by financial institutions to transmit private documents via the Internet; and Fortezza, the U.S. government security standard. |
| Secure Communications | Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) provide a secure way to exchange information between clients and servers. In addition, SSL 3.0 and TLS provide a way for the server to verify who the client is before the user logs on to the server. In IIS 5.0, programmers can track users through their sites. Also, IIS 5.0 lets administrators control access to system resources based on the client certificate. |
| Digest Authentication | Digest Authentication enables secure authentication of users across proxy servers and firewalls. It offers the same features as basic authentication, but improves on it by "hashing" the password traveling over the Internet, instead of transmitting it as clear text. For those who choose not to use Digest Authentication, Anonymous, HTTP Basic, integrated Windows authentication (formerly called Windows NT Challenge/Response authentication), and NT LAN Manager (NTLM) authentication are still available. |
| Server-gated Cryptography | SGC, an extension of Secure Sockets Layer (SSL), lets financial institutions with export versions of IIS use strong 128-bit encryption. Although SGC capabilities are built into IIS 5.0, a special SGC certificate is required to use SGC. |
| Security Wizards | These security wizards simplify server administration tasks. Certificate Wizard simplifies certificate administration tasks, such as creating certificate requests and managing the certificate life cycle. Secure Sockets Layer (SSL) security is an increasingly common requirement for Web sites that provide e-commerce and access to sensitive business information. The new wizard makes it easy to set up SSL-enabled Web sites on Windows 2000 Server: administrators can easily establish and maintain SSL encryption and client certificate authentication. (A client certificate contains detailed identification information about the user and organization that issued the certificate.) Permission Wizard walks administrators through the tasks of setting up permissions and authenticated access on an IIS Web site, making it much easier to set up and manage a Web site that requires authenticated access to its content. Certificate Trust Lists (CTL) Wizard lets administrators configure certificate trust lists (CTLs). A CTL is a list of trusted certification authorities (CAs) for a particular directory. CTLs are especially useful for Internet service providers (ISPs) who have several Web sites on their server and who need to have a different list of approved certification authorities for each site. |
| IP and Internet Domain Restrictions | Administrators can grant or deny Web access to individual computers, groups of computers, or entire domains. |
| Kerberos Version 5 Authentication Protocol Compliance | IIS is fully integrated with the Kerberos v5 authentication protocol implemented in Microsoft Windows 2000. This means administrators can pass authentication credentials among connected computers running Windows. |
| Certificate Storage | IIS certificate storage is now integrated with the Windows CryptoAPI storage. The Windows Certificate Manager provides a single point of entry that lets administrators store, back up, and configure server certificates. |
| Fortezza | IIS 5.0 supports the U.S. government security standard, commonly called Fortezza. This standard satisfies the Defense Message System security architecture with a cryptographic mechanism that provides message confidentiality, integrity, authentication, and access control to messages, components, and systems. These features can be implemented both with server and browser software and with PCMCIA card hardware. |