Internet Information Server

 

The Windows® 2000 Server operating system integrates Internet technologies across all services, from File and Print to advanced line-of-business application services. This helps ensure organizations can more effectively exchange information with customers, partners, and employees worldwide.

Windows 2000 Server meets the needs of a broad spectrum of users, from corporate intranets to Internet Service Providers hosting Web sites receiving millions of hits per day. Because Internet Information Server (IIS) is fully integrated at the operating system level, Windows 2000 Server lets organizations add Internet capabilities that weave directly into the rest of their computing infrastructure.

Specifically, Windows 2000 Server lets organizations:

- Share information more efficiently using the Web.
  In the past, performing standard file operations on a network file share was much easier than performing similar operations on a remote Web site. Now, Windows 2000 Server technologies such as Web Distributed Authoring and Versioning (WebDAV) make it just as easy to carry out standard file operations on a Web share.

- Create Web-based business applications.
  Creating Web-based applications that integrate well into traditional business applications can be difficult. Windows 2000 Server overcomes this burden by sharing Internet-aware application development tools with IIS, an efficiency that extends applications to the Web and eliminates awkward bridges between internal and external processes.

- Bring server operating system functionality to the Web.
  In addition to allowing organizations to extend basic file and print services to the Web, Windows 2000 Server supports applications, media, and communications and networking services from a common server platform. This convergence means that everything a company can do with Windows 2000 Server is automatically supported in a fully integrated Web environment.

Sharing Information

 

Feature

Description

Support for Web Distributed Authoring and Versioning (WebDAV)

WebDAV is an Internet standard that lets multiple people collaborate on a document using an Internet-based shared file system. It addresses issues such as file access permissions, offline editing, file integrity, and conflict resolution when competing changes are made to a document. WebDAV expands an organization's infrastructure by using the Internet as the central location for storing shared files.

Web Folders

Support for Web Folders lets users navigate to a WebDAV-compliant server and view the content as if it were part of the same namespace as the local system. Users can drag and drop files, retrieve or modify file property information, and perform other file system-related tasks. Web Folders let users maintain a consistent look and feel between navigating the local file system, a networked drive, and an Internet Web site.

Support for FrontPage Server Extensions

Windows 2000 Server lets administrators use Microsoft FrontPage Web authoring and management features to deploy and manage Web sites. With FrontPage Server Extensions, administrators can view and manage a Web site in a graphical interface, so creating Web sites with the FrontPage Web site creation and management tool is as easy as clicking a check box on a property page for the Web site. In addition, authors can create, edit, and post Web pages to IIS remotely.

Support for Latest Internet Standards

Using the integrated Web services in Windows 2000 Server, organizations can take advantage of the latest Internet standards to publish and share information over the Web. Microsoft Internet Information Services (IIS) 5.0 complies with the HTTP 1.1 standard, including features such as PUT and DELETE, the ability to customize HTTP error messages, and support for custom HTTP headers. Support for the latest protocols provides optimum performance for Web server connections.

Support for Multiple Sites with One IP Address

With support for host headers, an organization can host multiple Web sites on a single computer running Microsoft Windows 2000 Server with only one Internet Protocol (IP) address. This lets Internet service providers (ISPs) and corporate intranets host multiple Web sites on a single server while offering separate user domains for each site.

News and Mail

Administrators can use Simple Mail Transfer Protocol (SMTP) and Network News Transport Protocol (NNTP) Services to set up intranet mail and news services that work in conjunction with IIS. SMTP is a commonly used protocol for sending e-mail messages between servers; NNTP is the protocol used to post, distribute, and retrieve USENET messages.

PICS Ratings

Administrators can apply Platform for Internet Content Selection (PICS) ratings to sites that contain content for mature audiences. This lets them host a variety of sites and provide information about suitability for particular audiences.

HTTP Compression

HTTP compression allows faster transmission of pages between the Web server and compression-enabled clients. This is useful in situations where bandwidth is limited.

File Transfer Protocol (FTP) and FTP Restart

The File Transfer Protocol (FTP) service, used to publish information to a Web server, is integrated into Windows 2000 Server. FTP Restart provides a faster, smoother way to download information from the Internet. Now, if an interruption occurs during data transfer from an FTP site, a download can be resumed without having to download the entire file over again.

Creating Web-Based Applications

Feature

Description

Active Server Pages

Microsoft Active Server Pages (ASP) lets developers create browser-independent dynamic content by using server-side scripting and components. ASP provides an easy-to-use alternative to Common Gateway Interface (CGI) and Internet Server Application Program Interface (ISAPI) by letting content developers embed any scripting language or server component into their HTML pages. ASP pages provide standards-based database connectivity and the ability to customize content for different browsers. ASP also provides error-handling capabilities for Web-based applications.

Performance-enhanced Objects

ASP provides performance-enhanced versions of its popular installable components. These objects scale reliably in a wide range of Web application environments.

XML Integration

Just as HTML lets developers describe the format of a Web document, Extensible Markup Language (XML) lets them describe complex data structures. Developers can share this information across a variety of applications, clients, and servers. Using the new Microsoft XML Parser, developers can create applications that enable their Web server to exchange XML-formatted data with both Microsoft Internet Explorer and any server capable of parsing XML.

Windows Script Components

ASP supports the new scripting technology, Windows Script Components. This lets developers turn business logic script procedures into reusable COM components for Web applications and other COM-compliant programs.

Browser Capabilities Component

ASP has a new feature for determining the exact capabilities of a browser. When a browser sends a cookie describing its capabilities (such a cookie can be installed by using a simple client-side script), developers can create an instance of the Browser Capabilities Component that retrieves the browser's properties as returned by the cookie. Developers can use this feature to discover a browser's capabilities and adjust an application accordingly.

ASP Self-Tuning

ASP now senses when executing requests are blocked by external resources and automatically provides more threads to simultaneously execute additional requests while continuing processing. If the CPU becomes overburdened, ASP curtails the number of threads in order to reduce the constant switching that occurs when too many non-blocking requests are executing simultaneously.

Encoded ASP Scripts

Traditionally, Web developers have been unable to prevent others from reading their scripting code. ASP now supports a new script encoding utility provided with Microsoft Visual Basic Scripting Edition (VBScript) and Microsoft JScript 5.0. Web developers can apply an encoding scheme to both client and server-side scripts that makes the programmatic logic unreadable. When unencoded, the logic appears in standard ASCII characters. Encoded scripts are decoded at run time by the script engine, so there's no need for a separate utility. Although this feature is not intended as a secure, encrypted solution, it can prevent most casual users from browsing or copying scripts.

Application Protection

IIS 5.0 offers improved protection and increased reliability for Web applications. By default, IIS runs all applications in a common or pooled process that is separate from core IIS processes. In addition, administrators can still isolate mission-critical applications that should be run outside of both core IIS and pooled processes.

ADSI 2.0

Administrators and application developers can add custom objects, properties, and methods to the existing Active Directory Service Interfaces (ADSI) provider, giving administrators more flexibility in configuring sites. ADSI is a COM-based directory service model that lets ADSI-compliant client applications access a wide variety of distinct directory protocols, including Windows Directory Services and Lightweight Directory Access Protocol (LDAP), while using a single, standard set of interfaces. ADSI shields the client application from the implementation and operational details of the underlying data store or protocol.

 

Bringing Server Operating System Functionality to the Web

Feature

Description

Multisite Hosting

Often Web sites for several departments can run on a single server, freeing a company from spending the time and money to set up and manage multiple servers. Windows 2000 Server offers a comprehensive platform for hosting multiple Web sites on a single server. In addition, the multisite hosting capability in Windows 2000 Server lets ISPs host Web sites that can scale from hosting thousands of small sites on a single server to hosting a great number of sites across multiple servers.

Multiple User Domains

The integration between the Web servers and directory services (the Active Directory) in Windows 2000 Server lets organizations host multiple Web sites with independent user domains—that is, each Web site on a single server has its own user database.

User Management Delegation

This lets an IT or ISP administrator who hosts multiple Web sites on a single server delegate the day-to-day management of the Web site.

Process Throttling

This lets administrators limit the amount of CPU time a Web application or site can use during a predetermined period of time to ensure that processor time is available to other Web sites or to non-Web applications.

Per Web Site Bandwidth Throttling

This lets administrators regulate the amount of server bandwidth each site uses. This lets an ISP, for example, guarantee a predetermined amount of bandwidth to each site.

Integrated Setup & Upgrade

Internet Information Server (IIS) 5.0 installs as a networking service of Windows 2000 Server. Customers with any existing version of Windows NT Server 3.51 or 4.0 will automatically be upgraded to the new Web services in Windows 2000 Server and can take advantage of the new features and services of Windows 2000 Server and IIS.

Microsoft Management Console (MMC) Task Pad

The MMC task pad considerably simplifies the administration of an IIS server. For example, if a user selects a server under the IIS MMC snap-in, the task pad will display wizards for creating new Web and FTP sites. Administrators simply select the task they want to complete, and a wizard walks them through the steps.

Dfs as Filing System for IIS

You can use Microsoft Dfs as the filing system for IIS by selecting the root for the web site as a Dfs root. Doing so lets you move resources within the Dfs tree without affecting any HTML links. (Windows Media Services content can also be stored in the Dfs tree.)

Improved Command-line Administration Scripts

IIS ships with scripts that can be executed from the command line to automate the management of common Web server tasks. Administrators can create custom scripts that automate the management of IIS.

Reliable IIS Restart

Users can stop and restart all Internet services from within the IIS MMC snap-in, which makes it unnecessary to restart the computer when applications become unavailable.

Backing Up and Restoring IIS

Administrators can back up and save metabase settings to make it easy to return to a safe, known state. (A metabase is the structure for storing IIS configuration settings; the metabase performs some of the same functions as the system registry, but uses less disk space.)

Process Accounting

Process Accounting, which is enabled and customized on a per-site basis, lets administrators monitor and log how Web sites use CPU resources on the server. Both system administrators and application developers can use this feature to determine CPU utilization.

Internet service providers (ISPs) can use this information to determine which sites are using disproportionately high CPU resources or may have malfunctioning scripts or Common Gateway Interface (CGI) processes. IT managers can use this information to charge back the cost of hosting a Web site or application to the appropriate division within a company.

Improved Custom Error Messages

Administrators can now send informative messages to clients when HTTP or ASP errors occur on their Web sites. They can use the custom errors that IIS 5.0 provides or create their own.

Configuration Options

Administrators can set permissions for read, write, execute, script, and FrontPage Web operations at the site, directory, or file level.

Remote Administration

IIS 5.0 has Web-based administration tools that allow remote management of a server from almost any browser on any platform. With IIS 5.0, administrators can set up administration accounts called Operators with limited administration privileges on Web sites, to help distribute administrative tasks.

Terminal Services

The Terminal Services support in Windows 2000 Server lets administrators remotely administer IIS by using the Microsoft Management Console (MMC) over a dial-up or PPTP connection. To do this, the Terminal Services client must be installed on client computers.

Centralized Administration

Administrators can use the MMC snap-in for IIS from a computer running Windows 2000 Professional to administer a computer on their intranet running Internet Information Services on Windows 2000 Server.

 

Securing Web Services

 

Feature

Description

Integrated Web Security

The Windows 2000 Server Web services are fully integrated with the Kerberos security infrastructure. The Kerberos Version 5 authentication protocol, which provides fast, single logon to Windows 2000 Server, replaces NTLM as the primary security protocol for access to resources within or across Windows 2000 domains. Users can securely authenticate themselves to a Windows 2000 Server Web site and will not have to undergo a separate authentication (logon) to use other resources.

In addition, Windows 2000 Server now also supports the following standard authentication protocols, which are applicable to Web-based users and ordinary network users alike: 

- Digest Authentication: the latest authentication standard of the World Wide Web Consortium (W3C), the organization that sets standards for the Web and HTML.

- Server-Gated Cryptography (SGC): used by financial institutions to transmit private documents via the Internet.

- Fortezza: the U.S. government security standard.

Secure Communications

Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) provide a secure way to exchange information between clients and servers. In addition, SSL 3.0 and TLS provide a way for the server to verify who the client is before the user logs on to the server. In IIS 5.0 programmers can track users through their sites. Also, IIS 5.0 lets administrators control access to system resources based on the client certificate.

Digest Authentication

Digest Authentication enables secure authentication of users across proxy servers and firewalls. It offers the same features as basic authentication, but improves on it by "hashing" the password traveling over the Internet, instead of transmitting it as clear text.

For those who choose not to use Digest Authentication, Anonymous, HTTP Basic, integrated Windows authentication (formerly called Windows NT Challenge/Response authentication), and NT LAN Manager (NTLM) authentication are still available.

Server-gated Cryptography

SGC, an extension of Secure Sockets Layer (SSL), lets financial institutions with export versions of IIS use strong 128-bit encryption. Although SGC capabilities are built into IIS 5.0, a special SGC certificate is required to use SGC.

Security Wizards

These security wizards simplify server administration tasks: 

- Certificate Wizard simplifies certificate administration tasks, such as creating certificate requests and managing the certificate life cycle. Secure Sockets Layer (SSL) security is an increasingly common requirement for Web sites that provide e-commerce and access to sensitive business information. The new wizard makes it easy to set up SSL-enabled Web sites on Windows 2000 Server: administrators can easily establish and maintain SSL encryption and client certificate authentication. (A client certificate contains detailed identification information about the user and organization that issued the certificate.)

- Permission Wizard walks administrators through the tasks of setting up permissions and authenticated access on an IIS Web site, making it much easier to set up and manage a Web site that requires authenticated access to its content.

- Certificate Trust Lists (CTL) Wizard lets administrators configure certificate trust lists (CTLs). A CTL is a list of trusted certification authorities (CAs) for a particular directory. CTLs are especially useful for Internet service providers (ISPs) who have several Web sites on their server and who need to have a different list of approved certification authorities for each site.

IP and Internet Domain Restrictions

Administrators can grant or deny Web access to individual computers, groups of computers, or entire domains.

Kerberos Version 5 Authentication Protocol Compliance

IIS is fully integrated with the Kerberos v5 authentication protocol implemented in Microsoft Windows 2000. This means administrators can pass authentication credentials among connected computers running Windows.

Certificate Storage

IIS certificate storage is now integrated with the Windows CryptoAPI storage. The Windows Certificate Manager provides a single point of entry that lets administrators store, back up, and configure server certificates.

Fortezza

IIS 5.0 supports the U.S. government security standard, commonly called Fortezza. This standard satisfies the Defense Message System security architecture with a cryptographic mechanism that provides message confidentiality, integrity, authentication, and access control to messages, components, and systems. These features can be implemented both with server and browser software and with PCMCIA card hardware.

 

 

 

 

 
