Maintaining Your Web Server
In this tutorial, you will learn how to work with Internet Information Services (IIS). The IIS server role gives an environment the ability to have web services for both internal- and external-facing websites. IIS also provides several other key components that you will see in this tutorial. IIS in Windows Server 2012 is a new version, labeled IIS 8.
In addition, IIS has several key improvements to assist administrators; it now includes PowerShell modules and supports the ability to install IIS on Windows Server 2012 Server Core. You will learn some of the key features for application support for IIS, including support for PHP applications. You will also take a look at installing IIS on a server.
Install Internet Information Services
In this section, you will learn how to install Internet Information Services. You will see how to install IIS on a full Windows Server 2012 installation and on a Windows Server 2012 Server Core installation. Being able to install IIS on Windows Server 2012 Server Core significantly benefits your IIS infrastructure without the operating overhead of the full graphical installation of Windows Server 2012. The ability to install IIS on Windows Server 2012 Server Core is available because of the .NET application framework provided by Server Core. You will also get a brief overview of the various components IIS can provide to your environment.
Understand Internet Information Services Role Services
When you install IIS on your server, you will see a screen displaying the role services you can choose to install. Understanding which components you need to install will help you support your web server requirements and any needed web applications. Prior to installing IIS, you need to talk with your web developers to make sure you provide the proper level of support for their applications.
The role services are divided into three main categories:
- Web Server:
This category contains all the components for your websites from basic HTML websites to complex web applications. This is the main role of an IIS server, and it has several components and capabilities to provide the web infrastructure your environment will need. - Management Tools:
This category provides the tools necessary to manage and administer your web servers. You will also be able to select management tools for previous versions of IIS. - FTP Server:
This category allows you to install and set up a basic FTP server for your infrastructure.
The Web Server role service is broken into five major sections.
Common HTTP Features: The first component is Common HTTP Features, which provides a web server with basic functionality. Primarily basic and static HTML pages are provided by these features, as described in Table-1 below.
Table-1: Common HTTP Features
HTTP Feature Description
Static Content This provides the support needed for HTML pages and graphics
and provides the basic level of functionality for your IIS
server. This feature is installed by default.
Default Document This provides the web server with the ability to offer
users of your website a default document when they
reference your site without a specific file request.
Essentially, the default document is the home page for
your web server. This feature is installed by default.
Directory Browsing This allows your users, if they have the proper
permissions, to browse the directory for the contents on
your web server. This feature is installed by default.
HTTP Errors This provides the customizable error messages that users
of your website will see. For example, when you see an
error message like "Error 403: Access Denied/Forbidden,"
this is the service that provides the error message. This
feature is installed by default.
HTTP Redirection This provides the ability to redirect users of your
websites to a different location. This is great to use
when you want to send users to a different URL than what
they typed. This is useful when you want or need to rename
or change your domain for your website.
WebDAV Publishing Web Distributed Authoring and Versioning (WebDAV) provides
the needed capability to allow files to be published via
HTTP to your web server. This is commonly used by web
applications. Outlook Web Access is an example of an
application requiring WebDAV.
Application Development: The second category is Application Development. This unlocks the true power of a web server by providing the web server with the necessary infrastructure to support web applications and in general extend the functionality of IIS. This component allows you to support the many different programming languages developers can use to write web applications. It is vital that you understand how these components are installed and configured. However, you may be wondering which of the components, listed in Table-2 below, you need to install. This is an important question, and generally speaking, your web developers can help you make the proper decision to support the applications they are programming. It is good to take some time and chat with the developers, so you can install the proper components. By default, none of the Application Development components are installed.
Table-2: Application Development Components
Component Description
ASP.NET ASP.NET is an object-oriented programming environment.
Installing this component allows your web server to support
sites built using managed code via the ASP.NET framework.
If you install this component, you also need to install
ISAPI Filters, ISAPI Extensions, and .NET Extensibility
to properly support this environment.
.NET Extensibility This allows your developers to change, add, and extend
your web servers. This component provides the necessary
framework to support ASP.NET.
ASP Active Server Pages (ASP) is a scripting environment
commonly used to build websites. ASP provides support
for VBScript and JScript. This is primarily used for older
application support, and your developers may be using ASP.
NET for any new projects. Installing ASP requires that you
install ISAPI Extensions.
CGI Common Gateway Interface (CGI) is another scriptingbased
language commonly used to create websites. PHP
applications typically require CGI to be installed on the
IIS server. This component provides a key framework for
interoperability for non-Microsoft-based applications.
ISAPI Extensions Internet Server Application Programming Interface (ISAPI)
provides support for dynamic content that is written using
ISAPI.
ISAPI Filters The ISAPI filters help determine how requests are processed
by your web applications. The filters are files that
allow you to change the functionality of IIS to support your
web applications.
Server Side Includes (SSI) SSI is another scripting-based language allowing
you to dynamically include common web clients on other web
pages in your environment. For example, if you wanted to
have a common menu appear on all the web pages on your
site, your programmers could use SSI to provide the menu.
Health and Diagnostics: Health and Diagnostics provides the basic functionality to monitor and tune your IIS server. Table 10-3 below describes the features.
Table 10-3: Common HTTP Features
Component Description
HTTP Logging As the name implies, with HTTP logging you can track website
activity on your IIS server. The types of events logged
are typically when an HTTP transaction occurs (such as a
web page request). This feature is installed by default.
Logging Tools This allows you to manage your logs, as well as provide
the functionality to automate common logging procedures.
Request Monitor This provides the ability to monitor the health of your
web applications. This allows you to see when a process
runs slowly or does not respond. Identifying the process
helps to identify any issue. This feature is installed
by default.
Tracing This is another tool that allows you to monitor web
applications. Tracing is typically used for hard-to-find
problems, such as when your website times out or performs
slowly because of poor performance.
Custom Logging With this component installed, you can create or use your
own logging components.
ODBC Logging This component provides logging for the Open Database
Connectivity (ODBC) activity generated by your web server
when it connects to an ODBC-compliant database. Most modern
databases are ODBC compliant. ODBC logging provides a
framework for you to log web activity to those databases.
Security: Security is vital in not only protecting your IIS servers but also protecting your applications and data. The Security section provides you with the ability to determine your level of secure authentication support in IIS. By protecting the authentication mechanisms, you can control how users access your web server environment. You need to speak to your web developers to determine which authentication mechanisms are supported by the applications they are currently writing and find the right blend of secure authentication, performance, and application compatibility. IIS has the capability to have multiple authentications supported on the server. In Table 10-4 below, you can find a list of the different authentication mechanisms and descriptions.
Table-4: Security Components
Component Description
Basic Authentication This method is the weakest of the authentication methods;
this method stores passwords in an easily decrypted format
during transmission. If you need to use basic authentication,
make sure you also use SSL. Basic authentication is used
generally when you need to offer compatibility to a variety
of web browsers.
Windows This is a secure authentication mechanism, allowing you to
Authentication leverage your existing Windows Active Directory domain
environment for authenticating your users. You should use
this solution for internal websites only, not for users
who access your website from behind proxy servers or
firewalls.
Digest Authentication This provides a more secure authentication methodology over
basic authentication. This method will also leverage your
Windows Active Directory domain environment, by sending a
secure password hash to the domain controllers. This method
should be considered if your users need to access your
website and they are behind proxy servers or firewalls.
Client Certificate This allows you to use client certificates to authenticate
Mapping your Active Directory users, in a one-to-one mapping
Authentication across multiple web servers.
IIS Client This is a faster performance model than client certificate
Certificate Mapping mapping but also uses client certificates to identify your
Authentication users. This method can use either one-to-one or many-to-one
mappings and is typically used in heterogeneous directory
environments.
URL Authorization This provides a security mechanism to prevent access to
websites in your web servers. URL authorization gives you\
a tool to explicitly allow or deny access to a directory
on your web server either by username or by role. You can
use rules based on users, groups, or the header verbs of
your HTTP pages.
Request Filtering This method provides a layer of security at the web server
to help prevent many common hacking attacks to your server.
This helps filter attacks that may make odd requests or that
may use long URLs to target your server. This method screens
all inbound requests of your server. This provides you with a
mechanism to help mitigate attacks on your server. This
feature is installed by default.
IP and Domain This allows you to allow or deny access to your web content,
Restrictions based on the IP address or domain name of the requestor.
This provides an additional layer of security to your groups,
your roles, or even your NTFS permissions.
Performance: The last section is Performance. There are two choices in this section: Static Content Compression and Dynamic Content Compression. Static Content Compression is installed by default and provides your server with the ability to improve bandwidth utilization. As the name implies, this is useful only for static content on your web server, and it has the additional benefit of not affecting the CPU performance on your server.
Dynamic Content Compression also allows you to improve the bandwidth utilization of dynamic content for your web server. However, this method will also potentially have a negative impact on your server's CPU performance. If your Windows Server 2012 server is already heavily taxed for usage with your CPU, you should not install this component.
Install IIS on Windows Server 2012 Full Server Installation
After you determine which components you want to install for your version of IIS, you will need to install the IIS role with the required components. As with all the roles on Windows Server 2012, you begin the process in Server Manager:
- Select the Server Manager icon from the taskbar.
- In Server Manager, click Add Roles and Features.
- Choose Role-based or Feature-based installation.
- From the server pool, select the server to which you want to install.
- On the Select Server Roles screen, select Web Server (IIS) and click Next.
- There are no additional requirements to run IIS, so click Next on the Select Features screen.
- Click Next on the Web Server Roll (IIS) screen.
- Select the necessary role services to support your web application platform, or just use the defaults, and click Next.
- Click Install.
- Review the information on the Confirm Installation Selections screen, and when you are ready, click Install.
- Review the Installation Progress screen, and click Close.
Note: If you accept just the default selections, you will have a basic web server. The web server will have basic static content and functionality. More than likely, you will want to add some development components to provide your developers with a platform to build applications to support your company's business internally and externally.
Install IIS on Windows Server 2012 Core Server
The inclusion of the .NET Framework on Windows Server 2012 Server Core provides another platform to install web server roles. As with many other roles, you will use the Deployment Image Servicing and Management (dism) command-line tool on the server to install the IIS role. Because of the complexity and the numerous additional roles required, you will want to add the components separately as you build your IIS server, even though you can run this all in one command.
- After you log on to Server Core, type the following command to install the .NET Framework:
DISM /Online /Enable-Feature /Featurename:NetFx2-ServerCore
- After the .NET Framework is installed successfully, you can install the IIS role on Server Core. To begin the process, type
the following command. The name of the role, in this case WebServerRole, is case sensitive. This command will install IIS
with all the default components on Server Core:
DISM /online /enable-feature /featurename:IIS-WebServerRole /featurename:IIS-WebServer
- To verify the installation and the necessary components, you can run the get-features switch for the dism command, as in dism / online /get-features.
After you run the command, you will see all the IIS features (enabled or disabled) listed in the feature list. These are all the role services for IIS, and they all begin with IIS.
Before you install any additional features on your IIS server, it's important to install the prerequisite features. For example, if you want to install ASP.NET on Windows Server 2012 Server Core, you need to install the following features: ISAPI Filters, ISAPI Extensions, and .NET Extensibility. When you install these components on a Windows Server 2012 server with a GUI, the GUI wizard will handle the prerequisite installation for you.
This is not the case for Server Core; you will need to install the required features prior to installing the main feature. For example, if you run the command to enable ASP.NET prior to installing the required features, you will see an error message.
The error message will inform you of the required features you need to install. In the example of installing ASP.NET on Server Core, you will need to run the following command prior to installing the ASP. NET feature:
dism /online /enable-feature /featurename:IIS-ApplicationDevelopment /featurename:IIS-ISAPIFilter /featurename:IIS-ISAPIExtensions /featurename:IIS-NetFxExtensibility
After the command runs successfully, you can enable the ASP.NET feature by running the following command:
dism /online /enable-feature /featurename:IIS-ASPNET