Deploying IIS 7.0 in the Enterprise
- By William Stanek
Before you deploy Internet Information Services (IIS) 7.0, you should carefully plan the machine and administration architecture. As part of your planning, you need to look closely at the protocols and roles IIS will use and modify both server hardware and technology infrastructure accordingly to meet the requirements of these roles on a per-machine basis. Your early success with IIS 7.0 will largely depend on your understanding of the ways you can use the software and in your ability to deploy it to support these roles.
IIS 7.0 Protocols
TCP/IP is a protocol suite consisting of Transmission Control Protocol (TCP) and Internet Protocol (IP). TCP/IP is required for internetwork communications and for accessing the Internet. Whereas TCP operates at the transport layer and is a connection-oriented protocol designed for reliable end-to-end communications, IP operates at the network layer and is an internetworking protocol used to route packets of data over a network.
IIS 7.0 uses protocols that build on TCP/IP, including:
Hypertext Transfer Protocol (HTTP)
Secure Sockets Layer (SSL)
File Transfer Protocol (FTP)
Simple Mail Transfer Protocol (SMTP)
HTTP and SSL
As you probably already know, HTTP is an application-layer protocol that makes it possible to publish static and dynamic content on a server so that it can be viewed in client applications, such as Microsoft Windows Internet Explorer. Publishing a Web document is a simple matter of making the document available in the appropriate directory on an HTTP server and assigning the appropriate permissions so that an HTTP client application can access the document. An HTTP session works like this:
The HTTP client application uses TCP to establish a connection to the HTTP server. The default (well-known) port used for HTTP connections is TCP port 80. You can configure servers to use other ports as well. For example, TCP port 8080 is a popular alternative to TCP port 80 for sites that are meant to have limited access.
After connecting to the server, the HTTP client application requests a Web page or other resource from the server. In the client application, users specify the pages or resources they want to access by using a Web address, otherwise known as a Uniform Resource Locator (URL).
The server responds to the request by sending the client the request resource and any other related files, such as images, that you’ve inserted into the requested resource. If you’ve enabled the HTTP Keep-Alive feature on the server, the TCP connection between the client and server remains open to speed up the transfer process for subsequent client requests. Otherwise, the TCP connection between the client and server is closed and the client must establish a new connection for subsequent transfer requests.
That in a nutshell is essentially how HTTP works. The protocol is meant to be simple yet dynamic, and it is the basis upon which the World Wide Web is built.
With HTTP, you can configure access to documents so that anyone can access a document or so that documents can be accessed only by authorized individuals. To allow anyone to access a document, you configure the document security so that clients can use Anonymous authentication. With Anonymous authentication, the HTTP server logs on the user automatically using a guest account, such as IUSR. To require authorization to access a document, configure the document security to require authentication using one of the available authentication mechanisms, such as Basic authentication, which requires a user to type a user name and password.
You can use Secure Sockets Layer (SSL) to enable Hypertext Transfer Protocol Secure (HTTPS) transfers. SSL is an Internet protocol used to encrypt authentication information and data transfers passed between HTTP clients and HTTP servers. With SSL, HTTP clients connect to Web pages using URLs that begin with https://. The https prefix tells the HTTP client to try to establish a connection using SSL. The default port used with secure connections is TCP port 443 rather than TCP port 80. See Chapter 10, for more information on SSL.
FTP is an application-layer protocol that makes it possible for client applications to retrieve files from or transfer files to remote servers. FTP predates HTTP, and its usage is in decline as compared to HTTP. With FTP, you can publish a file so that a client can download it by making the file available in the appropriate directory on an FTP server and assigning the appropriate permissions so that an FTP client application can access the document. To upload a file to an FTP server, you must grant an FTP client application permission to log on to the server and access directories used for uploading files.
An FTP session works like this:
The FTP client application uses TCP to establish a connection to the FTP server. The default (well-known) port used for FTP connections is TCP port 21. FTP servers listen on this port for client connection requests. After the client and server establish a connection, the server randomly assigns the client a TCP port number above 1023. This initial TCP connection (with port 21 for the server and a random port for the client) is then used for transmission of FTP control information, such as commands sent from the client to the server and response codes returned by the server to the client.
The client then issues an FTP command to the server on TCP port 21. Standard FTP commands include GET for downloading a file, CD for changing directories, PUT for uploading files, and BIN for switching to binary mode.
When the client initiates a data transfer with the server, the server opens a second TCP connection with the client for the data transfer. This connection uses TCP port 20 on the server and a randomly assigned TCP port above 1023 on the client. After the data transfer is complete, the second connection goes in a wait state until the client initiates another data transfer or the connection times out.
That in a nutshell is how FTP works. As you can see, FTP is a bit clunkier than HTTP, but it is still fairly simple.
With FTP, you can allow anonymous downloads and uploads in addition to restricted downloads and uploads. To allow anyone to access a file, configure directory security so that clients can use Anonymous authentication. With Anonymous authentication, the FTP server logs the user on automatically using a guest account and allows the anonymous user to download or upload files as appropriate. To require authorization to log on and access a directory, configure directory security to require authentication using one of the available authentication mechanisms, such as Basic authentication, which requires a user to type a user name and password prior to logging on and downloading or uploading files.
SMTP is an application-layer protocol that makes it possible for client applications to send e-mail messages to servers and for servers to send e-mail messages to other servers. A related protocol for retrieving messages from a server is Post Office Protocol version 3 (POP3). In IIS 6, full implementations of Simple Mail Transfer Protocol (SMTP) and Post Office Protocol version 3 (POP3) are included. IIS 7.0 does not include SMTP or POP3 services.
With IIS 7.0, a Web application can send e-mail on behalf of a user by using the SMTP E-mail component of Microsoft ASP.NET. An SMTP session initiated by a Web application works like this:
The Web application generates an e-mail message in response to something a user has done.
The System.Net.Mail API (a component of ASP.NET) delivers the email to an online SMTP server or stores the message on disk where it is stored for later delivery.
When sending mail to an SMTP server, the IIS server uses TCP port 25 to establish the connection. SMTP can be running on the local machine or on a different machine.
That is essentially how SMTP is used by Web applications. Microsoft doesn’t provide other e-mail features as a part of IIS. However, a separate SMTP Server component is included as an optional feature that you can install on a computer running a Windows Server operating system.