Home / Windows 7

Maintaining Your Web Server

In this tutorial, you will learn how to work with Internet Information Services (IIS). The IIS server role gives an environment the ability to have web services for both internal- and external-facing websites. IIS also provides several other key components that you will see in this tutorial. IIS in Windows Server 2012 is a new version, labeled IIS 8.

In addition, IIS has several key improvements to assist administrators; it now includes PowerShell modules and supports the ability to install IIS on Windows Server 2012 Server Core. You will learn some of the key features for application support for IIS, including support for PHP applications. You will also take a look at installing IIS on a server.

Install Internet Information Services

In this section, you will learn how to install Internet Information Services. You will see how to install IIS on a full Windows Server 2012 installation and on a Windows Server 2012 Server Core installation. Being able to install IIS on Windows Server 2012 Server Core significantly benefits your IIS infrastructure without the operating overhead of the full graphical installation of Windows Server 2012. The ability to install IIS on Windows Server 2012 Server Core is available because of the .NET application framework provided by Server Core. You will also get a brief overview of the various components IIS can provide to your environment.

Understand Internet Information Services Role Services

When you install IIS on your server, you will see a screen displaying the role services you can choose to install. Understanding which components you need to install will help you support your web server requirements and any needed web applications. Prior to installing IIS, you need to talk with your web developers to make sure you provide the proper level of support for their applications.

The role services are divided into three main categories:

  • Web Server:
    This category contains all the components for your websites from basic HTML websites to complex web applications. This is the main role of an IIS server, and it has several components and capabilities to provide the web infrastructure your environment will need.
  • Management Tools:
    This category provides the tools necessary to manage and administer your web servers. You will also be able to select management tools for previous versions of IIS.
  • FTP Server:
    This category allows you to install and set up a basic FTP server for your infrastructure.

The Web Server role service is broken into five major sections.

Common HTTP Features: The first component is Common HTTP Features, which provides a web server with basic functionality. Primarily basic and static HTML pages are provided by these features, as described in Table-1 below.

Table-1: Common HTTP Features

HTTP Feature 		Description
Static Content 		This provides the support needed for HTML pages and graphics
			and provides the basic level of functionality for your IIS 
                        server. This feature is installed by default.

Default Document 	This provides the web server with the ability to offer 
                        users of your website a default document when they 
                        reference your site without a specific file request. 
                        Essentially, the default document is the home page for 
                        your web server. This feature is installed by default.

Directory Browsing 	This allows your users, if they have the proper 
                        permissions, to browse the directory for the contents on 
                        your web server. This feature is installed by default.

HTTP Errors 		This provides the customizable error messages that users 
                        of your website will see. For example, when you see an
                        error message like "Error 403: Access Denied/Forbidden,"
                        this is the service that provides the error message. This 
                        feature is installed by default.

HTTP Redirection 	This provides the ability to redirect users of your
                        websites to a different location. This is great to use
                        when you want to send users to a different URL than what
                        they typed. This is useful when you want or need to rename
                        or change your domain for your website.

WebDAV Publishing 	Web Distributed Authoring and Versioning (WebDAV) provides
                        the needed capability to allow files to be published via
                        HTTP to your web server. This is commonly used by web
                        applications. Outlook Web Access is an example of an
                        application requiring WebDAV.

Application Development: The second category is Application Development. This unlocks the true power of a web server by providing the web server with the necessary infrastructure to support web applications and in general extend the functionality of IIS. This component allows you to support the many different programming languages developers can use to write web applications. It is vital that you understand how these components are installed and configured. However, you may be wondering which of the components, listed in Table-2 below, you need to install. This is an important question, and generally speaking, your web developers can help you make the proper decision to support the applications they are programming. It is good to take some time and chat with the developers, so you can install the proper components. By default, none of the Application Development components are installed.

Table-2: Application Development Components

Component 		Description
ASP.NET 		ASP.NET is an object-oriented programming environment.
			Installing this component allows your web server to support
			sites built using managed code via the ASP.NET framework.
			If you install this component, you also need to install
                        ISAPI Filters, ISAPI Extensions, and .NET Extensibility
                        to properly support this environment.

.NET Extensibility 	This allows your developers to change, add, and extend
			your web servers. This component provides the necessary
			framework to support ASP.NET.

ASP 			Active Server Pages (ASP) is a scripting environment
			commonly used to build websites. ASP provides support
			for VBScript and JScript. This is primarily used for older
			application support, and your developers may be using ASP.
			NET for any new projects. Installing ASP requires that you
			install ISAPI Extensions.

CGI 			Common Gateway Interface (CGI) is another scriptingbased
			language commonly used to create websites. PHP
			applications typically require CGI to be installed on the
			IIS server. This component provides a key framework for
			interoperability for non-Microsoft-based applications.

ISAPI Extensions 	Internet Server Application Programming Interface (ISAPI)
			provides support for dynamic content that is written using

ISAPI Filters 		The ISAPI filters help determine how requests are processed
			by your web applications. The filters are files that
			allow you to change the functionality of IIS to support your
			web applications.

Server Side Includes (SSI) 	SSI is another scripting-based language allowing
                        you to dynamically include common web clients on other web
			pages in your environment. For example, if you wanted to
			have a common menu appear on all the web pages on your
			site, your programmers could use SSI to provide the menu.

Health and Diagnostics: Health and Diagnostics provides the basic functionality to monitor and tune your IIS server. Table 10-3 below describes the features.

Table 10-3: Common HTTP Features

Component 		Description
HTTP Logging 		As the name implies, with HTTP logging you can track website
			activity on your IIS server. The types of events logged
                        are typically when an HTTP transaction occurs (such as a
                        web page request). This feature is installed by default.

Logging Tools 		This allows you to manage your logs, as well as provide
                        the functionality to automate common logging procedures.

Request Monitor 	This provides the ability to monitor the health of your
                        web applications. This allows you to see when a process
                        runs slowly or does not respond. Identifying the process
                        helps to identify any issue. This feature is installed
                        by default.

Tracing 		This is another tool that allows you to monitor web
                        applications. Tracing is typically used for hard-to-find
                        problems, such as when your website times out or performs
                        slowly because of poor performance.

Custom Logging 		With this component installed, you can create or use your
                        own logging components.

ODBC Logging 		This component provides logging for the Open Database
			Connectivity (ODBC) activity generated by your web server
                        when it connects to an ODBC-compliant database. Most modern
                        databases are ODBC compliant. ODBC logging provides a 
                        framework for you to log web activity to those databases.

Security: Security is vital in not only protecting your IIS servers but also protecting your applications and data. The Security section provides you with the ability to determine your level of secure authentication support in IIS. By protecting the authentication mechanisms, you can control how users access your web server environment. You need to speak to your web developers to determine which authentication mechanisms are supported by the applications they are currently writing and find the right blend of secure authentication, performance, and application compatibility. IIS has the capability to have multiple authentications supported on the server. In Table 10-4 below, you can find a list of the different authentication mechanisms and descriptions.

Table-4: Security Components

Component 		Description
Basic Authentication 	This method is the weakest of the authentication methods;
                        this method stores passwords in an easily decrypted format
                        during transmission. If you need to use basic authentication,
                        make sure you also use SSL. Basic authentication is used
                        generally when you need to offer compatibility to a variety
                        of web browsers.

Windows			This is a secure authentication mechanism, allowing you to
Authentication          leverage your existing Windows Active Directory domain
                        environment for authenticating your users. You should use
                        this solution for internal websites only, not for users
                        who access your website from behind proxy servers or

Digest Authentication 	This provides a more secure authentication methodology over
			basic authentication. This method will also leverage your
			Windows Active Directory domain environment, by sending a
			secure password hash to the domain controllers. This method
			should be considered if your users need to access your
                        website and they are behind proxy servers or firewalls.

Client Certificate	This allows you to use client certificates to authenticate
Mapping                 your Active Directory users, in a one-to-one mapping
Authentication          across multiple web servers.

IIS Client		This is a faster performance model than client certificate
Certificate Mapping	mapping but also uses client certificates to identify your
Authentication		users. This method can use either one-to-one or many-to-one
                        mappings and is typically used in heterogeneous directory

URL Authorization 	This provides a security mechanism to prevent access to
                        websites in your web servers. URL authorization gives you\
                        a tool to explicitly allow or deny access to a directory
                        on your web server either by username or by role. You can
                        use rules based on users, groups, or the header verbs of
                        your HTTP pages.

Request Filtering 	This method provides a layer of security at the web server
                        to help prevent many common hacking attacks to your server.
			This helps filter attacks that may make odd requests or that
			may use long URLs to target your server. This method screens
			all inbound requests of your server. This provides you with a
			mechanism to help mitigate attacks on your server. This
                        feature is installed by default.

IP and Domain		This allows you to allow or deny access to your web content,
Restrictions		based on the IP address or domain name of the requestor.
                        This provides an additional layer of security to your groups,
                        your roles, or even your NTFS permissions.

Performance: The last section is Performance. There are two choices in this section: Static Content Compression and Dynamic Content Compression. Static Content Compression is installed by default and provides your server with the ability to improve bandwidth utilization. As the name implies, this is useful only for static content on your web server, and it has the additional benefit of not affecting the CPU performance on your server.

Dynamic Content Compression also allows you to improve the bandwidth utilization of dynamic content for your web server. However, this method will also potentially have a negative impact on your server's CPU performance. If your Windows Server 2012 server is already heavily taxed for usage with your CPU, you should not install this component.

Install IIS on Windows Server 2012 Full Server Installation

After you determine which components you want to install for your version of IIS, you will need to install the IIS role with the required components. As with all the roles on Windows Server 2012, you begin the process in Server Manager:

  1. Select the Server Manager icon from the taskbar.
  2. In Server Manager, click Add Roles and Features.
  3. Choose Role-based or Feature-based installation.
  4. From the server pool, select the server to which you want to install.
  5. On the Select Server Roles screen, select Web Server (IIS) and click Next.
  6. There are no additional requirements to run IIS, so click Next on the Select Features screen.
  7. Click Next on the Web Server Roll (IIS) screen.
  8. Select the necessary role services to support your web application platform, or just use the defaults, and click Next.
  9. Click Install.
  10. Review the information on the Confirm Installation Selections screen, and when you are ready, click Install.
  11. Review the Installation Progress screen, and click Close.
Note: If you accept just the default selections, you will have a basic web server. The web server will have basic static content and functionality. More than likely, you will want to add some development components to provide your developers with a platform to build applications to support your company's business internally and externally.

Install IIS on Windows Server 2012 Core Server

The inclusion of the .NET Framework on Windows Server 2012 Server Core provides another platform to install web server roles. As with many other roles, you will use the Deployment Image Servicing and Management (dism) command-line tool on the server to install the IIS role. Because of the complexity and the numerous additional roles required, you will want to add the components separately as you build your IIS server, even though you can run this all in one command.

  1. After you log on to Server Core, type the following command to install the .NET Framework:
    DISM /Online /Enable-Feature
  2. After the .NET Framework is installed successfully, you can install the IIS role on Server Core. To begin the process, type the following command. The name of the role, in this case WebServerRole, is case sensitive. This command will install IIS with all the default components on Server Core:
    DISM /online /enable-feature
  3. To verify the installation and the necessary components, you can run the get-features switch for the dism command, as in dism / online /get-features.

After you run the command, you will see all the IIS features (enabled or disabled) listed in the feature list. These are all the role services for IIS, and they all begin with IIS.

Before you install any additional features on your IIS server, it's important to install the prerequisite features. For example, if you want to install ASP.NET on Windows Server 2012 Server Core, you need to install the following features: ISAPI Filters, ISAPI Extensions, and .NET Extensibility. When you install these components on a Windows Server 2012 server with a GUI, the GUI wizard will handle the prerequisite installation for you.

This is not the case for Server Core; you will need to install the required features prior to installing the main feature. For example, if you run the command to enable ASP.NET prior to installing the required features, you will see an error message.

The error message will inform you of the required features you need to install. In the example of installing ASP.NET on Server Core, you will need to run the following command prior to installing the ASP. NET feature:

	dism /online /enable-feature

After the command runs successfully, you can enable the ASP.NET feature by running the following command:

dism /online /enable-feature /featurename:IIS-ASPNET