Special Edition, Using Microsoft BackOffice, Ch. 10

Special Edition, Using Microsoft BackOffice, Ch. 10

10 - Preparing for Internet Information Server
by Azam A. Mirza

Tools and services provided by Microsoft BackOffice for Internet connectivity and utilization - Explore how Microsoft BackOffice leverages its suite of tools and services to provide a comprehensive and integrated solution for connecting to the Internet and developing a presence therein.

Internal versus external Internet Information Servers - Gain an understanding of internal versus external servers and how you can use Internet Information Server to set up Internet servers and Intranet servers.

Resource requirements for running an effective Internet Information Server setup - Learn the requirements for setting up Internet Information Server on your enterprise network. Gain an understanding of the resources required in terms of hardware, software, and human involvement.

How to connect to the Internet - Learn the steps required to establish an Internet connection and how to select an Internet service provider for your physical network connection. Determine the kind of network connection you will need and explore other important aspects.

Guidelines for joining the Internet community - Gain an understanding of what it means to join the Internet community. Determine how your Internet Information Servers will coexist with the rest of the Internet world, how your users can become good Internet citizens, what services you will offer, and the kind of security that will be necessary.

When you are ready to install Internet Information Server (IIS) to provide Internet connectivity to your enterprise users, you must spend some time planning the setup for servers that will be running IIS.
Microsoft Internet Information Server provides organizations wanting to connect to the Information Superhighway with a fast and efficient solution. IIS provides a centrally managed system that allows for the installation, administration, and operation of multiple servers running multiple IIS services from a single Windows NT Server-based computer.
In this chapter, you learn about the planning steps you must take before installing IIS to ensure that your Internet connectivity solution is robust, cost-effective, correct, and serves the needs of your organization. It is always tempting to skip the planning stage and move right into installation and setup. However, with IIS, you must first accomplish certain tasks before you can connect to the Internet. This chapter serves as a checklist of planning stage tasks that you need to perform before moving on to installing IIS in Chapter 11, "Implementing Internet Information Server".

Microsoft BackOffice and the Internet
The Microsoft BackOffice suite of products provides a rich set of built-in functionality for Internet connectivity as part of its core feature set. The Windows NT Server product has built-in support for the TCP/IP protocol suite and applications. With the release of the Internet Information Server as an integrated Windows NT Server product, Microsoft has added support for a World Wide Web (WWW) server, File Transfer Protocol (FTP) server, and Gopher server to the core set of functionality provided by the Windows NT Server.
The tight integration of the BackOffice products allows for the use of features previously not available as a single package. Windows NT Server allows the hosting of WWW servers and Internet-enabled application servers that can be accessed using the Internet Information Server and its set of client browsing tools.

Windows NT Server and the Internet
The Windows NT Server product comes Internet-enabled right out of the box. The TCP/IP protocol suite included with Windows NT Server makes it very easy to get up and running on the Internet. The core TCP/IP protocol suite included with Windows NT Server includes:

TCP/IP network protocol. The networking protocol that allows computers to communicate with each other using the TCP/IP standard as the communications mechanism. See Chapter 8, "Using TCP/IP With Windows NT Server," for more information.

FTP Client. The FTP (File Transfer Protocol) program used to transfer files between a user's computer and a remote computer.

FTP Server Service. A high-level TCP/IP protocol that runs as a Windows NT service allowing users to connect to a Windows NT server using FTP client software for transferring files. The FTP server facilitates communications between the Windows NT Server and the FTP client.

Telnet Client. A TCP/IP based program for connecting to remote computers for the purpose of running command-line programs on the remote machine.

Dynamic Host Configuration Protocol (DHCP). Allows workstation computers running the TCP/IP protocol to dynamically obtain IP addresses from a Windows NT Server. Every computer running TCP/IP must be assigned a unique IP address, and the DHCP protocol facilitates that by centrally managing the assignment of these IP addresses.

Windows Internet Naming Service (WINS). Allows computers to resolve NetBIOS names to IP addresses. This is somewhat analogous to the function provided by a DNS, which resolves TCP/IP domain names to IP addresses.

Remote Access Service(RAS) Connectivity using SLIP and PPP. Allows users to connect to Windows NT Server machines and other Internet host computers using the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). These protocols allow the use of the TCP/IP protocol when connected to the network with a modem.

Internet Connections Using the Remote Access Service (RAS)
There are several different ways to connect to the Internet using Windows NT and RAS. RAS allows connection speeds anywhere from 2400 bits per second (bps) to 128 kilobits per second (Kbps), with full support for modems, ISDN, and X.25 connectivity. Using RAS client software, the user can remotely connect to an Internet host (perhaps even a computer running UNIX) that supports SLIP or PPP connections using a modem, for example. Once connected, they can use graphical tools such as a WWW browser or the traditional command-line tools such as FTP and telnet. For a complete discussion of Windows NT Server RAS capabilities see Chapter 7, "Implementing Remote Access Service (RAS)."
Another method of using Windows NT and RAS, and the one that is most commonly used, is to set up a RAS server on a LAN with a direct connection to the Internet. Mobile and home users can then dial into the RAS server and connect to the Internet. Some corporate sites set up a RAS server isolated from the rest of the corporate LAN to provide a degree of security. Users can then dial into two different RAS servers, one for Internet access and one to get to the corporate LAN.
The RAS client and server products provide support for the most popular protocols (NetBEUI, IPX/SPX, and TCP/IP using SLIP or PPP). The breadth of features and the simplicity of configuration and administration make the RAS solution ideal for providing remote connectivity for mobile and home-based corporate users.
In addition, RAS has full support for Windows NT security and other dial-up security schemes such as the Challenge Handshake Authentication Protocol (CHAP) and the Password Authentication Protocol (PAP) for connecting to Internet hosts running a multitude of operating systems. Figure 10.1 shows some of the security features available in RAS for authenticating users connecting to Internet hosts and Windows NT servers.
Fig. 10.1 RAS permits user authentication using a multitude of security schemes.

Internet Information Server
IIS provides an integrated set of services for managing all your Internet connectivity needs. The combination of popular Internet services with a centrally managed environment make IIS an ideal choice for your Intranet or Internet servers.
The Internet Information Server (IIS) was designed from the ground up to be an integrated part of the Microsoft Windows NT Server platform. IIS runs as a set of integrated Windows NT Server services leveraging the built-in features of Windows NT Server (that is, Service Manager, Performance Monitor, and the Windows NT Server security features).
IIS offers a high-speed, secure, and robust means of publishing information on the Internet. The Internet security options such as the Secure Sockets Layer (SSL), Secure Transaction Technology (STT), and the Cryptography Application Programming Interface (CAPI) also provide a method of conducting safe and secure transactions on the Internet. They also provide for the building and deployment of Internet-enabled applications that use the latest in encryption and security technologies.
The Internet Information Server includes the following features:

World Wide Web service

FTP service

Gopher service

Internet Service Manager

Internet Database Connector
Each of these features is described in the following sections.
See "A Flexible Set of Services," (Chapter 2)
See "Security for Your Internet Server," (Chapter 11)

World Wide Web Service
The WWW service delivered within IIS provides a powerful mechanism for publishing information to a large user base. Furthermore, the functionality available in the WWW service provided by IIS is not limited to just creating static HTML pages.
The World Wide Web service in IIS allows users to immediately publish existing files, WWW documents, and other information for access by the Internet community or for local LAN access by the corporate network.
The WWW service feature set includes:

Performance optimization under the Windows NT Server architecture

The Windows NT Server Directory Services, which require user IDs and passwords for protected WWW documents

Integration with the Windows NT security model, which allows for a very secure WWW server

Virtual directories, which allow for the publishing of existing files from Windows NT and NetWare servers for viewing by WWW browsers

Built-in SSL security, which provides for secure financial and commercial transactions across the Internet

Virtual server capability, which allows for hosting of multiple WWW sites on one Windows NT Server computer, thus making management and administration simpler

Graphical administration of all aspects through the Internet Service Manager
Figure 10.2 depicts the WWW Server administration screen of the Internet Service Manager.
Fig. 10.2 The IIS administration utility, called the Internet Service Manager, includes a graphical interface for administration of services.
The WWW service within IIS supports the capabilities to execute programs on the server, create and use dynamic Web pages, manage and organize your published information in directory trees, and provide users access to your server directory structure using virtual servers and virtual directories.
Each of these features of the WWW service is discussed in the following sections.
See "HyperText Markup Language," (Ch. 9)

Server Applications
An important aspect of any well-designed WWW site is its capability to allow users to execute remote programs on the server using hypertext links. In addition to using hypertext links to execute applications, users can also trigger application execution by filling out an HTML form and submitting it for processing by the server.

The capability to execute programs on your WWW server does increase the security risk involved by allowing unauthorized users a chance to break into your system using the application. Extra care should be taken to prevent users from gaining read/write access to your program executables and script files.
The WWW service within IIS fully supports the concept of running server-based applications by providing support for the standard called the Common Gateway Interface (CGI).
IIS also supports a new Application Programming Interface (API) for writing Internet-enabled applications called the Internet Server Application Programming Interface (ISAPI). Both the CGI and the ISPAI methods allow you to write applications that can do almost anything. You can use any language such as C/C++ or Visual Basic to write applications that can be run using the CGI or ISAPI interface.
Using the CGI method, you can execute operating system batch language scripts (for example, BAT or CMD files) to execute programs for your WWW service. The ISAPI method differs from CGI in one important aspect. ISAPI programs are compiled as dynamic link libraries (DLLs) that are loaded by the WWW server at server startup. This provides ISAPI applications with a performance edge over CGI based scripts or applications.
See "Common Gateway Interface," (Ch. 9)

Managing Directories
The WWW service allows you to organize the information you want to publish in directories in a manageable manner. By distributing information across multiple directories, you can divide information into logical collections. The WWW service can then be configured to allow users access to these directories, all their subdirectories, and the files stored in them.

Whenever you install a new WWW server, IIS automatically creates a root directory for your server. The root directory, \INETSRV\WWWROOT by default, is given the alias "Home". It is the starting point for all Web browsers to begin viewing the information published by your WWW server.
In addition to using the Home directory for publishing information, you can also use the concept of virtual directories to publish information. Virtual directories allow you to distribute information across directories that are not subdirectories of the Home directory. They can also be used to place information on a different drive or a network drive. A discussion on how to create virtual directories for WWW publishing is presented in the section titled "Directories" in Chapter 11.

All virtual directories being used by your WWW service must reside within the same Windows NT domain.
Even though virtual directories might exist anywhere within your Windows NT domain, they are presented to the user as a single directory tree existing as subdirectories of the Home directory. The Home directory is the root of all directories being used by your WWW service. This makes it simple to present the information to the user in a manner that can be easily navigated.

Virtual Servers
Virtual servers allow you to create more than one WWW server on the same machine. By default, every machine has a single domain name and IP address (for example, www.mcp.com or 199.177.202.10). Virtual servers allow you to attach additional IP addresses and domain names to a server to make it appear that you are using multiple servers to service user information needs.
You might want to create WWW servers for different departments within your enterprise - for example, marketing and systems. You do not need to set up a different machine for each department's WWW server. You can use a single machine by creating virtual servers on that machine called marketing.mcp.com and systems.mcp.com.
By segmenting the same machine into multiple virtual servers, you can divide the information you publish into logical collections and use the same machine to hold the information content. Users wanting to connect to the marketing information will go directly to the marketing WWW site, and users wanting to connect to systems information will go directly to the systems WWW site.
Information on how to configure the WWW service in IIS, including the previously defined features, is presented in the next chapter.
See "Using Property Sheets to Configure Your Internet Information Server," (Ch 11)

FTP Service
The FTP Service built into the Internet Information Server provides some powerful features for allowing FTP access to your site. The FTP server supports anonymous logon facility for providing access to the Internet community for file uploads and downloads for an IIS Server site. The virtual directories and virtual browsing functions of the IIS server allow administrators to provide fast, efficient access to the directories and files available on the network. The integrated security built into IIS allows the administrators to restrict access based on user IDs and passwords to files and directories.
The FTP service allows users to use tools such as Internet Explorer to connect to your FTP server. You can also use other ftp client software such as the Windows NT FTP client to connect to the FTP server.
The WWW service has replaced or enhanced most of the functionality available through FTP. However, the WWW service cannot be used to copy files from the client to the server. FTP is the only service that provides this functionality.

Extreme care should be exercised when allowing users to copy files to your server. Make sure that you check all files for viruses. It is a good idea to limit incoming files to a single directory to facilitate the process of checking them.
FTP provides an easy, simple, and maintainable system for publishing a large number of files. FTP allows transfers of files no matter what format they are in. You can use FTP to transfer text, image, or executable files.
Figure 10.3 shows the FTP Server Service administration screen of the Internet Information Server.
Fig. 10.3 You can use the Internet Service Manager included with IIS to administer an FTP server.
See "FTP," (Ch. 11)

Gopher Service
The Gopher service in IIS allows you to publish information from large file archives. The IIS Gopher service supports all features of the Gopher standard. In addition, the Gopher service in IIS supports the Gopher+ selector strings, which allow clients to obtain additional information from the server, such as the Gopher server administrator name. You can use tag files on your Gopher server to enable links to other Gopher servers across the enterprise or the Internet.
The Gopher service allows corporations to provide a graphical point-and-click interface for its users to access information stored in online databases. Figure 10.4 shows the Internet Information Server administration screen for the Gopher service.
Fig. 10.4 The Internet Service Manage can also be used to administer the Gopher service in IIS.
The Gopher server in IIS can be used to set up corporate catalogs of employee information accessible only by the corporation employees. It can be used to publish a catalog of company products for browsing by customers over the Internet. It can also be used as an online reference system for product user manuals.
See "Gopher," (Ch. 11)

Internet Service Manager
The Internet Service Manager is the graphical tool for centrally managing all functions of the Internet Information Server. The Internet Service Manager provides a common administration point for managing the WWW Server service, the FTP service, and the Gopher service. Figure 10.5 shows the Internet Service Manager main screen for administering the WWW, FTP, and Gopher services.
Fig. 10.5 The Internet Service Manager provides a single point of administration for all IIS services.
See "Using the Internet Service Manager," (Ch. 11)

Internet Database Connector
The Internet Database Connector allows IIS to provide connectivity to the Microsoft SQL Server database using the Open Database Connectivity (ODBC) interface. The Internet Database Connector enables organizations to develop database-enabled WWW applications. This is an important feature that allows users access to the corporate data from anywhere in the world using the Internet.
The IIS integration with SQL Server using the ODBC gateway provides for a fast and consistent approach for developing database-enabled Internet applications. ODBC is a standard that is used extensively in the Microsoft Windows world for connecting to remote databases.
The integration of Windows NT Server security features within SQL Server and IIS provide for a secure database connectivity option. By using Windows NT security, users running database-enabled applications can be authenticated by Windows NT Server and SQL Server before they are granted access to enterprise data. The ODBC drivers for SQL Server are included with IIS.
See "ODBC," (Chapter 29)

Services to Offer Using IIS
An important part of planning your IIS configuration is the type of services you will be offering. IIS provides control over which services you can install, set up, and run as part of your Internet implementation plan. The type of services you offer depend on what your intent is in using IIS. If you want to run a server exclusively providing WWW services (without FTP and Gopher) to your enterprise and/or the Internet community, then you can install just the WWW service. Many organizations are using IIS to implement WWW services only. The Web is a powerful and flexible system that provides a great deal of impact. However, WWW is probably the most complex and time consuming of the three services to set up, run, and maintain.

The complexity in running a WWW site stems from its enormous flexibility and breadth of features. Creating attractive and useful content for WWW sites demands much time and effort.
If your intent is to provide file transfer capabilities for your users, then you can implement the FTP service. It provides a fast and simple way of transferring files between remote machines. The FTP service included with IIS is very easy to set up and maintain. Setting up FTP, however, does require that you pay special attention to security concerns to safeguard your system against potential intruders.
FTP is also the only one of the three services that allows client machines to transfer files to your IIS machine. If you wish to provide users with the capability to upload files to your system, then you must use the FTP service included with IIS.
The Gopher service is similar to FTP but provides enhancements such as menu structures, hyperlinks, and richer content formatting capabilities. Gopher services are easy to set up under IIS. Gopher servers are most suited to publishing textual, static information that does not require the overhead involved in implementing HTML Web pages. The most widely used implementations of Gopher servers are for library catalogs, phone directories, and other text-based information stores. If you would like to build a fast and easy catalog system, then Gopher is the service of choice.
See "WWW Publishing," (Chapter 11)
See "FTP Publishing," (Chapter 11)
See "Gopher Publishing," (Chapter 11)

Microsoft Internet Tools
In addition to the server-based Internet tools provided by BackOffice, Microsoft provides a full array of tools for the client-side requirements of the Internet world. The Microsoft Internet tools strategy includes tools for WWW browsing, WWW authoring, WWW site maintenance, the extension of Microsoft Office products to support the creation of WWW-based applications, and the Visual Basic scripting language for creating Internet-enabled applications. These tools include:

Internet Explorer and VRML Add-In

Internet Studio

Microsoft FrontPage

Internet Assistants for Microsoft Word, Excel, and PowerPoint

Microsoft Viewers for Microsoft Word, Excel, and PowerPoint
The following is a brief description of each of these Internet tools for enabling client access to the Internet and the WWW.

Internet Explorer and VRML Add-In
Internet Explorer 2.0 is the latest Microsoft WWW browser product. The Internet Explorer supports the HTML version 3.0 specification. With the VRML add-in, the Explorer software allows users to explore virtual reality sites.
The Internet Explorer feature set includes:

Full support for multimedia extensions that allow the use of background audio, scrolling marquees, and inline images.

32-bit architecture under Windows 95 and Windows NT.

Consistent interface with the Windows 95 graphical user interface.

Support for multiple threads for downloading multiple files simultaneously.

Support for Usenet news reading.

Support for displaying tables on a Web page. Tables allow WWW browsers to display information in a tabular format, such as a listing of stock quotes.

Support for the Secure Sockets Layer security scheme for electronic commerce.

Availability on Windows, Windows 95, Windows NT, and the Apple Macintosh.

Support for VRML.

Availability in more than 20 languages.
Figure 10.6 shows the main screen for the Microsoft Internet Explorer 2.0 WWW browsing software.
Fig. 10.6 Microsoft Internet Explorer 2.0 can be used to browse WWW sites anywhere on the Internet, or on an Intranet.

Internet Studio
Microsoft Internet Studio is the high-end WWW publishing tool developed by Microsoft for providing sophisticated WWW document authoring and content development capabilities for commercial and professional WWW developers. Internet Studio offers features such as frame-based layouts, interactive Web pages, and other HTML version 3.0 extensions for creating sophisticated WWW content. Frames are used in desktop publishing for organizing text around figures and pictures and in multicolumn layouts.

Microsoft FrontPage
Microsoft FrontPage is a component of the suite of Microsoft tools for doing WWW-based publishing and creating HTML documents. FrontPage contains a sophisticated set of WWW publishing tools that require no programming to create attractive and fully functional HTML-based Web pages. This is in contrast to other HTML development tools that require extensive knowledge of HTML syntax to create Web pages. Figure 10.7 shows the main screen for building Web pages using Microsoft FrontPage.
Fig. 10.7 Microsoft FrontPage allows the creation of Web pages using a graphical interface.
FrontPage supports a full range of WWW authoring, scripting, and WWW site management tools. FrontPage supports the following features:

FrontPage Editor for creating and editing HTML pages

FrontPage Explorer for graphical management of a WWW site

WebBots, similar to Microsoft Office Wizards, for implementing the most common WWW functionality, such as text searches, feedback forms, and threaded discussion forums, without any programming or complex setup

Wizards to help automate common WWW authoring tasks

To-do lists for keeping track of the WWW site creation and management process.

Internet Assistant for Word, Excel and PowerPoint
The Internet Assistant for Microsoft Word, Excel, and PowerPoint is an add-on product that allows users to create and edit WWW documents directly from within the Microsoft Office applications. With Internet Assistant, users can author documents for the WWW with no HTML or Internet experience.
Internet Assistant converts documents created in Word, Excel spreadsheets, and PowerPoint presentations automatically to HTML, preserving standard formatting elements such as lists, headings, and bold/italic formatting. It also provides a special template for adding hyperlinks, definitions, forms, preformatted text, and other HTML elements. If you want to include HTML elements not directly supported by the Internet Assistant template, you can use the HTML Markup command, which allows you to include native HTML codes in your document.
Internet Assistant is a cost-effective solution for doing Web page creation because it is available free of charge from Microsoft. It provides the following features:

Familiar authoring and editing environment. Internet Assistant uses the Microsoft Office Environment as its interface and thus provides a familiar set of tools for formatting and other activities such as spell checking.

Automatic file conversion. You can create a WWW document from a Word document, Excel spreadsheet, or PowerPoint slide by simply choosing File, Save As from the menu and choosing the HTML file format.

HTML version 2.0 support. Internet Assistant automatically converts formatted text such as italics to appropriate tags in an HTML document.

Additional HTML support. Provides support for additional HTML elements by using the HTML Markup command.

Beyond HTML. If you'd like to preserve multiple columns, text-wrapping features, embedded objects, and other Word features that HTML does not support, you can publish your document with Microsoft Viewer (discussed in the following section), which preserves the native format of the document.

Hyperlinks. You can create links between documents on the Internet, on a local network, or on your hard drive.

Microsoft Viewer for Microsoft Word, Excel, and PowerPoint
Microsoft Viewer for Microsoft Word, Excel, and PowerPoint allows Internet users to view and print Word documents, Excel spreadsheets, and PowerPoint presentations without having the products installed. This makes it possible to have access to Microsoft Office-based documents that are posted on the WWW, in newsgroups, or downloaded from FTP sites.
For example, a user might access the Microsoft WWW site and download a product description document that is in Microsoft Word format. If the user does not have Microsoft Word installed on his or her machine, the user can still view the document using the Microsoft Viewer for Microsoft Word.

Internal versus External Internet Information Servers
The first decision that your organization needs to make is the kind of servers you will be running. IIS can be configured to run as an internal server for your enterprise, as a server providing information to the external world of the Internet, or both.
The two kinds of IIS setups that your organization can establish are:

Intranet servers. These are internal servers that allow organizations to set up IIS machines for internal use by their enterprise users.

Internet servers. These are external servers that allow users from the rest of the Internet community to access your IIS machines in addition to your enterprise users.
The following sections discuss these IIS setups in more detail.

Intranet Servers
Intranet servers are set up by organizations to publish information internally within the enterprise. The WWW service capabilities of IIS provide a powerful and cheap alternative to other forms of internal communications and information sharing. By publishing internal information content on an IIS-based WWW site, organizations can drastically cut costs of maintaining large databases of information in paper form.
Organizations around the world are using Intranet servers to publish information for internal enterprise use, such as:

Employee phone books. Rather than use a paper-based phone directory, employees can access a WWW service running on an IIS machine to obtain the same information.

Corporate employee handbooks. Organizations can publish their employee guidelines handbooks as a WWW document using IIS and provide employees access to the information.

Training Manuals and User Guides. Manuals for internal software packages and user guides can be converted to electronic Web pages with hypertext links to provide employees online access to the information.

Forms. Medical claims forms, purchase order forms, and employee census data forms can be published using IIS WWW services for access by employees.
The preceding list is just a sampling of the things made possible by setting up an Intranet using IIS.

Setting up a test Intranet server running IIS services is a good way to become familiar with running an IIS site. The steps for setting up such a server are described in Chapter 11.
Intranet servers provide another very important advantage over other forms of online information publishing solutions. Because client browsers are available for all kinds of computer platforms, it is possible to make the information published by using IIS machines available to users of any kind of computer within the enterprise. You do not have to worry about supplying information content to different computer platforms.
You can set up an IIS machine using Windows NT Server and not worry about what operating system the client machines are running. Users with machines running Windows, Windows NT, Windows 95, System 7, OS/2, UNIX, and other operating systems can all gain access to the information published by your IIS machine using the appropriate client browsing software.
Figure 10.8 shows a sample Intranet server setup, using IIS, for an enterprise network.
Fig. 10.8 This figure shows a network diagram depicting a typical Intranet including an Internet Information Server, a SQL Server database server, and a Windows NT Server domain controller.
See Intranet, (Ch. 3)

Internet Servers
Internet servers are IIS machines that allow users from the Internet community access to your published information content. You can set up IIS machines to run WWW, FTP, and Gopher services to allow Internet users to access your information. See Chapter 9, "Understanding the Internet," if you need to review the characteristics of these services.
Internet servers are springing up around the world from organizations trying to attract the Internet community to their product and service offerings. They are being used to provide product catalogs, specifications, product support, and even to take orders.
IIS includes capabilities that provide you with a complete solution for putting your organization on the Internet map. Its WWW, FTP, and Gopher services are designed to handle large volumes of data, handle many concurrent user connections, and provide users easy access to information.
Figure 10.9 presents one possible method of integrating an IIS machine into your enterprise network for providing information to the Internet community.
Fig. 10.9 In this sample Internet server setup, an optional firewall is depicted to protect the enterprise network from tampering by unauthorized users attempting to breach the Internet connection.
In the rest of this chapter, you are presented with some of the important issues you must consider before you set up an IIS site for Internet publishing.
See Business Value of the Internet, (Chapter 9)

Resource Requirements
An important consideration in developing an Internet presence is the resources your organization is willing to invest in developing the infrastructure for running an effective IIS site. Running an IIS site requires investments in the following resources:

Hardware

Software

Human
The following sections discuss these resources in more detail.

Hardware
The amount of traffic your IIS machine will handle determines the kind of hardware platform you need. A checklist of hardware items that you need to set up an IIS site includes the following:

Computer System. A machine that will run your IIS site

Router. A device used for routing TCP/IP traffic over the Internet

Internet Connection. A connection to the Internet, such as an ISDN line or a T1 leased line
The choices available in terms of the computing platform are numerous. The first choice to make will be the kind of processor your IIS machine should use. IIS is available for the following processor systems:

Intel

MIPS

Alpha

PowerPC
Any one of the preceding systems would be a good choice for running your IIS site because IIS is equally supported on these platforms. Multiprocessor systems are also an option when considering a system for an IIS site because of their higher processing power. You can monitor the processor utilization of your IIS machine using the Performance Monitor tool included with Windows NT.
You should get as much memory as possible in your system for better performance. If you are going to be running a site that will handle many users and numerous simultaneous connections, you should start with at least 32M of RAM. If your server has additional services running on it (for example, SQL Server, Exchange Server, and so on), you should add at least an additional 16M for IIS. You can monitor the memory usage of your IIS machine using the Performance Monitor tool provided with Windows NT to see if your server would benefit from the addition of more memory.
Another important consideration is the available hard disk space. HyperText Markup Language (HTML) documents can take up a lot of disk space. If your site is going to use multimedia features such as sound, images, and video clips, you will need a large amount of space to store multimedia files, perhaps several gigabytes or more. Make sure that your machine has enough hard disk space and can be expanded easily in the future. You can monitor the hard disk usage and performance of your IIS machine using the Performance Monitor tool provided with Windows NT.

Get a hard disk subsystem that is as fast as possible. The most time-consuming aspect of running IIS services is the hard disk access while loading Web pages or transferring files using FTP.
Deciding whether you should buy a new machine for running IIS or use an existing system depends on your needs and the funds available for setting up your IIS machine.
See Using the Performance Monitor, (Ch. 30)

Software
The IIS software itself is a part of the BackOffice suite of applications. However, you will need other software to set up a complete IIS site. IIS provides all pieces for setting up WWW, FTP, and Gopher sites. However, to create content for these sites, you need to acquire additional software packages. Content creation for your WWW service requires using software packages such as Microsoft Internet Studio, Microsoft FrontPage, or Internet Assistant for Microsoft Word. Other WWW content creation packages also are available.
In addition to the software already mentioned, you may need additional applications if you want to create a server that attracts attention and generates excitement by taking full advantage of multimedia data types and uses the latest techniques. If this is your goal, you should investigate applications for the following:

Creating, capturing, and digitizing images

Creating sound files

Capturing video

Compressing files
A multitude of choices is available in each of the preceding software categories; make your decisions based on available features, cost, and your own preference.

Human
Operating an IIS site requires your organization to devote some human resources. You need a person or group of people to manage your various servers and services. Many options are available for deciding how you can allocate human resources to manage your Internet connectivity. The following guidelines help you to estimate the number of people needed to operate your IIS site. Figure 10.10 shows how human expertise is utilized in putting together an IIS site.
Fig. 10.10 Expertise in various aspects of Internet and network administration are needed to operate an IIS site.
The following list is more an indication of the kind of tasks that need to be performed to operate an IIS site. It is not necessary to assign a different person to each of the preceding jobs. For example, one person might be the WebMaster, FTP administrator, and Gopher administrator for your entire enterprise, or you might need separate people to do each of those jobs. The choice depends on how much activity is handled by your IIS site.

Network administrator. You need a network administrator for setting up and managing the machine and the Internet connection. The network administrator needs to be proficient in TCP/IP networking and related issues such as router setup and configuration.

WebMaster. A WebMaster is the person in charge of operating your WWW site. The WebMaster has ultimate responsibility on the content of your WWW site, its policies, usage control, and all other related issues.

FTP administrator. The FTP administrator is responsible for operating the FTP service.

Gopher administrator. The Gopher administrator is responsible for operating the Gopher service.

WWW content developer. WWW content developer is responsible for the creation of content for your WWW site using HTML development tools.

Programmer. Person responsible for creating Common Gateway Interface (CGI) applications.
If you are operating a site where the content stays static most of the time, you might be able to administer the entire suite of IIS services using one person. If you operate a site with a lot of published content that changes regularly, however, you might need more than one person to manage all your services. The choice depends on how much work there is to do.
See "Organize Administration Teams," (Ch. 3)
See "HyperText Markup Language," (Chapter 9)
See "Common Gateway Interface," (Chapter 9)
See "Using CGI," (Chapter 11)

Connecting to the Internet
To join the Internet community and provide other Internet users access to your IIS site, you must have an Internet connection. Internet connections are provided by commercial connection providers called Internet service providers (ISP). ISPs sell Internet connections based on a variety of pricing and connectivity schemes. When acquiring an Internet connection, consider the following points:

Choosing an Internet service provider

Cost

Bandwidth requirements

Special connectivity issues
Each of these topics is discussed in the following sections.

Choosing an Internet Service Provider
Thousands of ISPs around the world provide Internet connectivity. ISPs exist in all flavors and sizes from companies like Sprint, MCI, and AT&T to small local and regional organizations. Figure 10.11 illustrates the role an ISP plays in providing your Internet connectivity.
Fig. 10.11 ISPs provide connectivity by selling commercial Internet connections.
Pricing for Internet connections is based on the kind of connection you desire and the speed of connection. Prices vary widely from ISP to ISP. The larger national providers probably will cost more than the smaller, local ISPs. The larger ISPs claim reliability, customer service, and quality as their selling points. Local providers tout the personal attention and easy accessibility of their services. The field is so crowded and so many options are available that Internet connections have become a place for price wars. ISPs are constantly touting their lowered prices and increased bandwidth.

Select an ISP that provides good, reliable connectivity. Reliability of connection is the single biggest complaint against most ISPs.
Some things you should consider when selecting an ISP are as follows:

Customer base. How many customers does the ISP have in your region? Who are their customers? Are they organizations that are likely to have needs similar to your own?

History. How long has the ISP been in business? Will they still be in business next year?

Reputation. What kind of reputation does the ISP have around town? Are current customers satisfied with their service?

ISP connection to Internet. What kind of connection does the ISP have to the Internet. The higher their connection speed, the more traffic they can handle. Most ISPs have speed problems because they do not have sufficient bandwidth available for the number of customers they have. See the next section, "Bandwidth Requirements," for more information.

Customer service. How big is the customer support staff? What is the ratio of customer support personnel to customers? Do they handle problem calls in a timely manner? Do they have free on-site service? Is the support staff knowledgeable? Do they provide free support for the first 30 days?

Connection speeds. What kind of connection speeds does the ISP provide? The more choices they have, the more options you have for upgrading in the future to higher speeds.

Cost. What is the pricing structure? Compare costs between ISPs. Do they have a flat monthly rate or do they charge by connection time? Do they have any up-front setup charges? Some ISPs charge exorbitant setup charges.

Bandwidth Requirements
Internet connections come in a variety of speed choices. For running IIS based sites, anything less than a 56,000 Kbps connection is not enough. Your choice of a connection speed depends on how much traffic you will experience. Start with a suitable speed and upgrade if you experience speed problems as more people find out about your site.

Modem connections are not recommended for running an IIS site. The typical modem speeds of 14,400 Kbps to 28,800 Kbps are not fast enough to handle traffic created by IIS sites.
Bandwidth options are available in a variety of speeds. Table 10.1 lists some options available to you.

Table 10.1 Bandwidth Options Available for Sites Running IIS
Connection Type Bandwidth (Kbps)
Leased Line 56
Frame Relay 56
ISDN 128
Fractional T1 56 - 1,540
T1 1,540
T3 45,000
Leased line, Frame Relay, and ISDN connections can handle light traffic up to about 25 to 50 simultaneous connections. Fractional T1 and T1 lines can handle anywhere from 100 to 1,000 simultaneous users. Organizations that handle thousands of users at a time have multiple T1 connections or even a T3 connection.

Start with a connection speed sufficient enough to get you up and running and test your IIS site setup. If in the future you need to upgrade, you can always do so.

Special Connectivity Issues
This section discusses some other connectivity issues that you must tackle before your Internet connectivity is completed. These issues are as follows:

IP addresses and DNS registration. You need IP addresses and DNS name registration for your IIS machines and other computers you are going to connect to the Internet. Most ISPs take care of obtaining IP addresses and registering your DNS domain name for you. To register your organization yourself, you must contact InterNIC (Network Information Center).

You can contact InterNIC via e-mail at info@internic.net or by phone. In the USA call 1-800-444-4345. In Canada or elsewhere call 1-619-455-4600. From overseas, you may need to use a country code to access the USA when dialing.

Domain name selection is an important step. Make sure that you select a name appropriate for your organization. You cannot change your domain name after it is registered. For example, Macmillan Computer Publishing USA has a registered domain name of mcp.com.

Router. As shown earlier in figure 10.9, you need a routing device to route traffic from your IIS machine to the Internet. Most ISPs provide a router at their end and require you to purchase a router for your end of the connection. Many router products are available on the market; make your selection based on your needs, future upgradability, and cost.

Windows NT Server can be set up to provide software routing of your TCP/IP packets. You can accomplish this task by using static routing tables and the ROUTE.EXE application included with Windows NT Server. Use of this utility is beyond the scope of this book. Consult volume 2 of the Windows NT Resource Kit, Windows NT Networking Guide, for more information.

Simple Mail Transfer Protocol (SMTP) mail gateway. You need to route e-mail traffic between your Microsoft Exchange Server and the Internet. Your ISP should provide you with an SMTP routing setup at their end, and you should install an SMTP gateway at your end to accept traffic from the ISP's e-mail server.

Microsoft Exchange Server includes an SMTP gateway called the Internet Mail Connector as part of the server product.

DNS name resolution. You also need DNS name resolution capabilities to be able to resolve IP addresses to domain names. DNS software is now available for Windows NT, and Microsoft has suggested that it may be included in the next release of Windows NT Server. You can set up your own DNS server on the same Windows NT server machine as IIS, or you can have your ISP provide DNS name resolution for you. Most ISPs will provide DNS services for free or for a nominal fee.
See "Domain Name Service (DNS)," (Chapter 8)
See "Domains and Addresses," (Chapter 9)
After you have resolved all the connectivity issues and established an Internet connection through an ISP, you are ready to join the Internet community and establish servers running IIS to make the Internet world aware of your organization and the information it provides. The next section discusses some of the issues that you must address to become a good Internet citizen.

Joining the Internet Community
After you have joined the Internet community, you must pay attention to the practices and laws of the Internet. The IIS machines that you will be connecting to the Internet will provide information content or services to the rest of the Internet world. You must decide on the services you will offer to the Internet using IIS; you need a plan to safeguard your IIS machines against security breaches; and you need to educate your organization about the Internet.
Some things to consider when becoming a part of the Internet include the following:

Planning your Internet Information Server

Service to offer using IIS

Security plan for IIS

User education and training
The following sections discuss each of these topics.

Planning Your Internet Information Server
When you begin to set up an IIS site, you will start by setting up a single machine running IIS services for test purposes. However, it is important to plan for the future and remember how you will finally be setting up your enterprise-wide Internet infrastructure. Figure 10.12 illustrates how you can have multiple IIS machines running across the enterprise.
Fig. 10.12 Running multiple IIS machines across the enterprise.
Based on your requirements for how IIS fits in to your Internet plans, you might decide to set up more than one machine running IIS services. Or you might decide to run multiple virtual servers on the same IIS machine. This is described in more detail in the next chapter.
You can configure IIS servers in a variety of ways. It is possible, for example, to run the services offered by a single logical IIS server on more than one computer. To a client computer, the services would appear to be provided by a single machine. Here are two possible ways you can implement IIS services:

Servers. Each machine running all three IIS services. For example, you might have three departmental IIS machines running all three IIS services.

Services. Different machines running IIS services for WWW, FTP, and Gopher. For example, you might have three IIS machines with one running WWW service, another running only FTP service, and the third running Gopher service only.
These two choices depend on how your IIS sites will be utilized. You might decide to run departmental IIS sites to handle each department's Internet needs individually. In that case, you will need to run IIS machines that provide all three IIS services for each department. If you decide to run enterprise-wide IIS sites, then you might decide to have one machine run only one service to alleviate network traffic and also to separate administration and maintenance of machines based on service type.
See "Virtual Servers," (Chapter 10)

Security Plan for IIS
One of the most important planning stage steps is handling the security issues involved with operating IIS sites. When you set up your IIS site, pay special attention to security issues so that you do not provide access to sensitive company information to people from outside your enterprise.
IIS provides a flexible security model for making sure that your machines and network are safeguarded against unauthorized intrusion.
In addition to the security measures offered by IIS, you can take extra steps to ensure that your IIS machines are protected:

Set up firewalls to prevent unauthorized access to your network.

Firewalls, screening routers, and other similar security measures can limit who has access to your IIS sites. For example, you can filter user traffic based on IP addresses or security keys. If the remote client trying to connect to your machine is not on the list of allowed clients, it will not be granted access to your IIS site.

Separate your Windows NT Servers running IIS from the rest of your enterprise network by placing them in their own domain. Then set up a one-way trust relationship to allow only one-way access. Allow users from your enterprise network to access the IIS machines, but do not allow any user accounts from the domain containing the IIS machines (especially Guest!) to access your network. Run all the IIS services in the security context of a service account from the untrusted domain containing the IIS servers.

Make sure that your IIS machine has appropriate file permissions established to prevent unauthorized copying or modifications of files.

Require password authentication before granting access to sensitive data.

Require users to change passwords at regular intervals.

Use the NTFS file system for data storage. NTFS allows very low-level control of file access control.

Always use encrypted passwords across the Internet.

Check all files transferred through FTP for viruses.
See "Domains," (Ch. 4)
See "Security for Your Internet Server," (Chapter 11)
See "Controlling the Flow of Information," (Chapter 28)

User Education and Training
If you are implementing an Internet solution where users within your enterprise will get access to the Internet or will be using your Intranet IIS machines, then you must spend some time and resources in educating your users about the Internet, its policies, and how to best utilize it.
You should develop a plan for user training and education. You need to address user-related issues such as these:

Internet primer. Train them about what the Internet is. Users can be directed towards hundreds of books written on the subject. Small group seminars can be arranged to introduce users to the Internet.

What the Internet offers. Train users on how they can derive value from the Internet. What are some of the resources available?

How to use the Internet. Train users on how to get connected and use the resources available on the Internet. Provide training on using client software such as Internet Explorer.

Internet etiquette. Introduce them to Internet policies and practices. Provide users with the Internet "Acceptable Use Policies" document or other guide to "netiquette." Make sure that users understand what is allowed and what is unacceptable on the Internet. Use a search engine with the keyword "netiquette" or try http://www.netwelcome.com.

Your users will be representing your organization to the rest of the Internet world. Make sure that they represent your organization in a positive and acceptable manner. Set up organizational guidelines on what is acceptable behavior.

Security issues. Train users on the security issues involved with using the Internet. Warn them about checking files downloaded from the Internet for viruses. Make them aware of the consequences of carrying out unlawful activities over the Internet, such as copying pirated software from the Internet.
User training is a time-consuming and costly undertaking. However, it is very important that users are properly educated and represent your organization in a positive manner. The time you invest in training will be repaid many times over.

From Here...
This chapter presented the issues you must address in preparing to implement IIS sites and an Internet presence. You learned the difference between Intranets and the Internet, some of the resources required to set up a server, and how to get connected to the Internet. You also learned about the planning that should be done before actually installing your server.

For more information on the Internet, see Chapter 9, "Understanding the Internet."

To plan your Internet Information Server installation, see Chapter 11, "Implementing Internet Information Server."

To explore how the Internet can be used in business, see Chapter 29, "Building Applications with Microsoft BackOffice."

To ensure proper security measures are taken for your Internet involvement, see Chapter 28, "Implementing Real-World Security."

To understand e-mail and SMTP gateways, see Chapter 16, "Exchange Server Advanced Topics."

Table of Contents
09 - Understanding the Internet
11 - Implementing Internet Information Server