
Popular Windows Network Services and Applications

Lesson 7

Objectives

World Wide Web and Web Pages
The World Wide Web is a system of interlinked hypertext documents known as web pages that can be viewed with a web browser such as Internet Explorer. Web pages may contain text, images, videos, and other multimedia that you can navigate between by using hyperlinks, and they are usually found by using a search engine such as Bing or Google.

Web Server
When you view web pages, you are connecting to the web server using TCP port 80. Since personal information, including credit card numbers, can be sent over the Internet, a supplemental protocol called SSL was developed. SSL, short for Secure Sockets Layer, uses TCP port 443 and relies on a digital certificate to encrypt the packet so that it cannot be read by anyone except the source and target. When you are using SSL, the browser URL starts with https (e.g., https://www.acme.com).

FTP
File Transfer Protocol (FTP) is a standard network protocol used to transfer a file from one host to another over a TCP/IP-based network. Unlike HTTP, it uses two TCP ports to operate: ports 20 and 21. FTP can be used with user-based password authentication or with anonymous user access. Unfortunately, the username, password, and data transfers are sent unencrypted. Therefore, when encryption is needed, you should use SFTP (SSH File Transfer Protocol) or FTPS (FTP over SSL), which adds SSL or TLS encryption.
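To make the cleartext exposure concrete, here is an added example (not part of the original lesson) that audits an FTP control-channel transcript and reports whether a login was readable before any FTPS upgrade. The function name, the `Finding` type and the transcripts are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    user: str
    password_exposed: bool
    anonymous: bool

def audit_ftp_control(lines):
    """Report credentials readable on the FTP control channel (TCP port 21).

    lines: (direction, text) tuples, "C" = client command, "S" = server reply.
    Returns a Finding, or None when no login was visible in cleartext.
    """
    tls_requested = False
    user, password_exposed = None, False
    for direction, text in lines:
        verb, _, arg = text.strip().partition(" ")
        verb = verb.upper()
        if direction == "S":
            if tls_requested and verb.startswith("234"):
                break  # AUTH accepted: everything after this is encrypted
            tls_requested = False
        elif verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            tls_requested = True  # explicit FTPS upgrade requested
        elif verb == "USER":
            user = arg
        elif verb == "PASS":
            password_exposed = True  # record the exposure, never the value
    if user is None:
        return None
    return Finding(user, password_exposed, user.lower() in ("anonymous", "ftp"))

# Constructed transcripts for illustration; not real captures.
PLAIN = [("S", "220 ready"), ("C", "USER alice"), ("S", "331 need password"),
         ("C", "PASS constructed-secret"), ("S", "230 logged in")]
FTPS = [("S", "220 ready"), ("C", "AUTH TLS"), ("S", "234 proceed")]
REFUSED = [("C", "AUTH TLS"), ("S", "502 not implemented"),
           ("C", "USER bob"), ("C", "PASS constructed-secret")]
ANON = [("C", "USER anonymous"), ("C", "PASS guest@example.com")]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN), ("ftps", FTPS),
                          ("refused", REFUSED), ("anonymous", ANON)):
        print(name, audit_ftp_control(session))
```

The `REFUSED` case is the one to watch for: the client asked for TLS, the server declined, and the client logged in over plain FTP anyway.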

SMTP
For emails to travel over the Internet, email servers (or any server or client that sends email directly out) use Simple Mail Transfer Protocol (SMTP) as an outgoing mail transport. SMTP uses TCP port 25.

IIS Manager

Creating a Website
When IIS is installed, the server will only have a default Web site. IIS was designed to handle multiple Web sites. Therefore, if your organization represents several subsidiaries, each with its own Web site, or you are a company that hosts web services for other companies, you would create multiple sites within IIS.

Multiple Websites
The default Web site is made to respond to all IP addresses assigned to the server on port 80 and port 443. To support multiple Web sites, you can assign additional IP addresses and assign a Web site to each IP address. You can also define a different port instead of port 80 or 443. When a user tries to access http://acme.com, they are really accessing http://acme.com:80. The :80 means port 80. One method that allows you to share the same IP address and port is to use host headers, which are used to specify a name that the Web site will respond to rather than all names that point to the address.
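The following added example (not from the original lesson, and not IIS's own code) is a simplified model of how a request is matched to a site by IP address, port, and host header. The "most specific binding first" ranking, the site names and the addresses are assumptions made for illustration.

```python
def select_site(bindings, local_ip, port, host_header):
    """Pick the site that answers a request, most specific binding first.

    bindings: {site name: "IP:port:host header"}; "*" = all unassigned IPs,
    empty host header = any name. IPv4 only, to keep the parsing simple.
    """
    host = host_header.split(":")[0].lower().rstrip(".")  # drop ":80" suffix
    best, best_rank = None, (-1, -1)
    for site, binding in bindings.items():
        ip, bport, bhost = binding.split(":")
        if int(bport) != port or ip not in ("*", local_ip):
            continue
        if bhost and bhost.lower() != host:
            continue  # host header set, but the request named another host
        rank = (int(bool(bhost)), int(ip != "*"))  # named host beats catch-all
        if rank > best_rank:
            best, best_rank = site, rank
    return best

# Constructed bindings for illustration.
BINDINGS = {
    "Default Web Site": "*:80:",
    "Acme": "*:80:acme.com",
    "Subsidiary": "*:80:subsidiary.example",
    "Intranet": "192.0.2.10:8080:",
}

if __name__ == "__main__":
    for host in ("acme.com:80", "subsidiary.example", "unknown.example"):
        print(host, "->", select_site(BINDINGS, "192.0.2.10", 80, host))
```

A request for a name that no host header claims still lands on the site with the blank host header, so that catch-all site should not expose content meant for a specific audience.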

Web Server Folders


When you create a Web site, you specify a folder that represents the root of the Web site. Within that folder, you can create subfolders. A virtual directory is a directory used in a Web site that corresponds to a physical directory elsewhere on the server, on another server, or on a Web site.

Applications
An application is a grouping of content on a Web site that is defined at the root level or in a separate folder that has specific properties, such as the application pool in which the application runs and the permissions that are granted on the folder. Each site must have at least one application named the root application or default application.

Application Pool
An application pool is a set of resources (a worker process or a set of worker processes) used by a Web site or application that defines the memory boundaries for the Web site. Forcing each application to have its own application pool ensures that one Web site does not interfere with another Web site on the same server, which ensures application performance and improved application availability. Therefore, if one application has a memory leak or crashes, it will not affect the other sites.

Default Files
By default, when you type in a Web site's URL such as http://acme.com, it will go to the root folder designated for acme.com and first look for one of the following files:
1. Default.htm
2. Default.asp
3. Index.htm
4. Index.html
5. iisstart.htm
6. Default.aspx

IIS Security
Since Web sites are designed to provide information, some of which may be sensitive, there will be times when you have to protect that data. You can protect it by limiting who can access the Web site, how users authenticate, and/or by encrypting the content when a request is made. You can grant or deny specific computers, groups of computers, or domains access to sites, applications, directories, or files on your server by using Authorization rules.

IIS Authentication
Authentication is used to confirm the identity of clients who request access to your sites and applications. IIS 7.0 supports the following forms of authentication:
Anonymous
ASP.NET Impersonation
Basic Authentication
Digest Authentication
Windows Authentication
AD Client Certificate Authentication

SSL
When you use SSL to encrypt web traffic, you are using asymmetric encryption, which involves a private key and a public key. The public key is provided to anyone who wants to access the web server, and the private key is kept secret, usually by the web server that you are trying to protect.
The public key is used to encrypt data, which only the private key can decrypt.

SSL

FTP Through IIS
With IIS 7.5, you manage FTP through IIS Manager. While Windows Server 2008 includes IIS 7.0, you still manage FTP through IIS 6.0. The majority of FTP sites are used primarily to download files.
In most of these situations, FTP uses anonymous authentication where username and password are not required.

Remote Access Server


Today, it is very common for an organization to use a remote access server (RAS). This enables users to connect remotely to a network using various protocols and connection types. By connecting to the RAS over the Internet, users can connect to their organization's network so that they can access data files, read email, and access other applications just as if they were sitting at work.

VPN
A virtual private network (VPN) links two computers through a wide-area network such as the Internet. To keep the connection secure, the data sent between the two computers is encapsulated and encrypted. The three types of tunneling protocols used with a VPN/RAS server running on Windows Server 2008 include:
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Secure Socket Tunneling Protocol (SSTP)

VPN Connection

Split Tunneling
By default, when you connect to a VPN using the previous configuration, all web browsing and network traffic goes through the default gateway on the Remote Network unless you are communicating with local home computers. If you wish to route your Internet browsing through your home Internet connection rather than going through the corporate network, you can disable the Use Default Gateway on Remote Network option. Disabling this option is called using a split tunnel.
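The effect of the Use Default Gateway on Remote Network option can be modeled as a routing decision. This added example (not from the original lesson) builds a simplified client route table for both settings and lists which destinations leave outside the tunnel; the prefixes, metrics and function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

def route_table(use_default_gateway_on_remote):
    """Client routes while the VPN is up: (destination, interface, metric)."""
    table = [
        (ip_network("192.168.1.0/24"), "home", 10),   # local home computers
        (ip_network("0.0.0.0/0"), "home", 20),        # home Internet gateway
        (ip_network("10.0.0.0/8"), "vpn", 10),        # corporate network
    ]
    if use_default_gateway_on_remote:
        # Option enabled: a lower-metric default route sends the rest via VPN.
        table.append((ip_network("0.0.0.0/0"), "vpn", 5))
    return table

def egress(table, destination):
    """Longest matching prefix wins; ties go to the lowest metric."""
    addr = ip_address(destination)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def leaves_outside_tunnel(table, destinations):
    """Destinations whose traffic the corporate network never sees."""
    return [d for d in destinations if egress(table, d) != "vpn"]

# Constructed destinations: corporate host, home LAN host, Internet host.
DESTINATIONS = ["10.20.30.40", "192.168.1.20", "203.0.113.7"]

if __name__ == "__main__":
    for enabled in (True, False):
        table = route_table(enabled)
        print("option enabled:", enabled,
              "outside tunnel:", leaves_outside_tunnel(table, DESTINATIONS))
```

With the option disabled, Internet traffic from the connected client no longer passes through the corporate gateway, so any filtering or logging done there does not apply to it.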

Remote Desktop Services


With early networks, users utilized dumb terminals (systems consisting of a monitor and keyboard without a processor) to connect to a mainframe. Later, computers could use telnet to connect to a server and execute commands at a command prompt. Remote Desktop Services, formerly known as Terminal Services, is one of the components of Microsoft Windows that allows a user to access applications and data on a remote computer over a network.

Remote Desktop Licensing Modes
By default, Windows Servers are configured to use Remote Desktop for Administration licensing mode, which supports up to two remote sessions (three if you count the console session, which is the session that you use when you log on to the computer directly), and is primarily used to connect to a server to manage it.

RemoteApp
RemoteApp (or TS RemoteApp) is a special mode of Remote Desktop Services that allows you to run an application in its own window instead of opening a session with Remote Desktop Connection. For the most part, the application looks like a normal application running on your local computer but in reality it is running remotely on a server. A RemoteApp can be packaged either as a .rdp file or distributed via an .msi Windows Installer package.

Remote Desktop Gateway


Besides using a VPN tunnel, you can use a Remote Desktop Gateway (RD Gateway) role service to enable authorized remote users to connect to resources on an internal private network over the Internet using a Remote Desktop Connection (RDC) client. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.

Virtual Servers
By using virtual machine technology, you can run multiple operating systems concurrently on a single machine, which allows separation of services while keeping cost to a minimum. It can also be used to create Windows test systems in a safe, self-contained environment.

Microsoft Hyper-V
Microsoft Hyper-V is a hypervisor-based virtualization system for x64 computers starting with Windows Server 2008. The hypervisor is installed between the hardware and the operating system and is the main component that manages the virtual computers. To run several virtual machines on a single computer, you need to have sufficient processing power and memory to handle the load. However, since most servers often sit idle, virtualization utilizes the server's hardware more efficiently.

Installing Hyper-V
To install Hyper-V, you need:
An x64 version of Windows Server 2008.
64-bit processors and BIOS that support hardware-assisted virtualization (Intel VT or AMD-V) technology.
Hardware Data Execution Prevention (DEP), which Intel describes as eXecute Disable (XD) and AMD describes as No eXecute (NX). It is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions or storage of data.

Hyper-V Manager

Integration Services
Some of the Windows built-in drivers do not run efficiently under a virtual environment. Therefore, you need to install Integration Services, which includes some basic drivers. To install the integration components, open the Action menu of Virtual Machine Connection and click Insert Integration Services Setup Disk. If Autorun does not start the installation automatically, you can start it manually by executing the %windir%\support\amd64\setup.exe command.

Consolidation
In many organizations, you may want to consolidate several physical servers to one machine running multiple virtual servers. Microsoft System Center Virtual Machine Manager (VMM) allows you to convert existing physical computers into virtual machines through a process known as physical-to-virtual (P2V) conversion.

Managing Disks
When you create a virtual hard drive, you can define the virtual hard disks as:
Fixed size virtual hard disks: Take up the full amount of disk space when created, even if there is no data using parts of the hard disk.
Dynamically expanding hard disks: Expand as they need space, up to their full size.

Snapshots
One of the strengths of virtual servers is the ability to take snapshots. A snapshot is a point-in-time image of a virtual machine that you can return to. So, if you make a change to the system that causes problems, such as loading a component or installing an update, you can use the snapshot to quickly revert to the point before the change was made. With Hyper-V, you can create 10 levels of snapshot per virtual server.

Virtual Networks

Summary
When you view web pages, you are connecting to the web server using TCP port 80. SSL, short for Secure Sockets Layer, uses TCP port 443, which uses a digital certificate to encrypt data sent to and from a Web site so that it cannot be read by anyone except the source and target. When you are using SSL, the browser URL will start with https. File Transfer Protocol (FTP) is a standard network protocol used to transfer a file from one host to another over a TCP/IP-based network. Microsoft's web server/application server is Internet Information Services (IIS).

Summary
To support multiple Web sites, you can assign additional IP addresses and assign a site to each IP address by using different ports for each site or host headers. To configure the IP address, port, and name a Web site will respond to, you must configure the site binding. A virtual directory is a directory used in a Web site that corresponds to a physical directory elsewhere on the server, on another server, or on a Website.

Summary
The Default Documents feature allows you to configure the list of default documents that will automatically be presented to a browser if a document is not specified. A virtual private network (VPN) links two computers through a wide-area network such as the Internet. To keep the connection secure, the data sent between the two computers is encapsulated and encrypted.

Summary
By using virtual machine technology, you can run multiple operating systems concurrently on a single machine, which allows separation of services while keeping cost to a minimum. The hypervisor is installed between the hardware and the operating system and is the main component that manages virtual computers.
