Windows Web Solutions UPDATE—-July 15, 2003
HP & Microsoft Network Storage Solutions Road Show http://www.winnetmag.com/roadshows/nas
1. Commentary: The New Features of IIS 6.0's FTP server
2. Keeping Up with IIS - Installing FrontPage Server Extensions Unattended - Results from Last Issue's Instant Poll: Rate Your Web Server Attacks - This Issue's Instant Poll: Clustering
3. Announcements - Get the eBook That Will Help You Get Certified! - Find Your Next Job at Our IT Career Center
4. Resource - Featured Thread: Image Retrieval
5. Events - New Active Directory Web Seminar!
6. New and Improved - Protect Your Personal Web Servers for Free - Submit Top Product Ideas
7. Contact Us - See this section for a list of ways to contact us.
==== Sponsor: HP & Microsoft Network Storage Solutions Road Show ====
Missed the Network Storage Solutions Road Show? If you couldn't make the HP & Microsoft Network Storage Solutions Road Show, you missed Mark Smith discussing Windows-powered NAS, file-server consolidation, and more. The good news is that you can now view the Webcast in its entirety at: http://www.winnetmag.com/roadshows/nas
==== 1. Commentary: The New Features of IIS 6.0's FTP Server ==== by Tim Huckaby, [email protected]
Microsoft Internet Information Services (IIS) 6.0's performance, fault tolerance, and scalability features have received so much press that the less publicized IIS 6.0 features and components tend to get overlooked. One powerful new IIS 6.0 component that doesn't receive enough credit is the feature-rich FTP server, which includes the following new major features:
- Unicode Transformation Format-8 (UTF-8) and Unicode Internet Server API (ISAPI) support–IIS now supports multiple character sets for FTP, a long-awaited feature that resolves a security risk inherent in earlier versions of IIS FTP server. IIS 6.0 includes Unicode and UTF-8 support for filenames and URLs. Active Server Pages (ASP) and ASP.NET can now process any filename by using the Unicode filename string. When IIS 6.0's FTP server receives an incoming UTF-8 URL, the server automatically converts the URL to a Unicode representation and presents it to ASP or ASP.NET.
- VectorSend–Through a feature called VectorSend, IIS 6.0's FTP server supports the transmission of ordered lists of buffers and file handles. Http.sys compiles the buffer(s) into one response buffer within the kernel, then sends the buffer(s). As a result, IIS doesn't have to do buffer reconstruction or multiple write clients, which results in much better performance.
- FTP User Isolation–This feature is one of the most important FTP features for the IIS administrator, and lets an IIS administrator restrict users to their own FTP directories. FTP User Isolation keeps an FTP user from viewing or overwriting Web content by restricting users to their own directories. To prevent FTP users from navigating higher in the FTP directory tree, this feature presents each user's top-level FTP directory as the root of the FTP service. Within his or her own FTP site, the user still can create, modify, or delete files and folders. FTP User Isolation is a site property, not a server property, so IIS administrators can turn FTP User Isolation on or off for individual FTP sites.
Microsoft designed FTP User Isolation for ISPs and application service provider (ASPs) that need to offer their customers individual FTP directories to upload files and Web content. But FTP User Isolation is equally important to companies that want to extend FTP access to their customers, employees, and partners.
FTP User Isolation supports three isolation modes, each of which enables a different level of isolation and authentication. These modes are
- Do not isolate users-FTP User Isolation isn't enabled. This mode is designed to operate with earlier versions of IIS. Because isolation isn't enforced, this mode is ideal for a site that offers only download capabilities for shared content or for sites that don't need to prevent other users from accessing data.
- Isolate users-This mode authenticates FTP users against local or domain accounts before letting them access the home directory that corresponds to their username. All FTP user home directories are in a directory structure under one FTP root directory in which each user is placed and restricted to his or her home directory. Users can't navigate outside their home directory. The IIS 6.0 FTP server lets the IIS administrator establish a virtual root for users who need access to dedicated shared folders. Warning: IIS Server performance can degrade dramatically when this mode is used to create hundreds of home directories, so scalability testing is important when configuring large numbers of FTP home user directories.
- Isolate users using Active Directory-This mode authenticates user credentials against an Active Directory (AD) domain. In the authentication process, when a user's object is located within the AD container, the msIIS-FTPRoot and msIIS-FTPDir properties (attributes) provide the full path to the FTP user's home directory. When the FTP service can access the path, the user is placed within the FTP home directory, which represents the FTP root location. The user sees only his or her FTP root location, and is therefore restricted from navigating up the directory tree. If the msIIS-FTPRoot and msIIS-FTPDir properties (attributes) don't exist in AD or if they don't form a valid and accessible path, the user is denied access. Obviously, this isolation mode requires an AD server that's running on an OS in the Windows Server 2003 family.
The lack of FTP User Isolation has been a huge problem for IIS 5.0 and earlier administrators. FTP User Isolation is easy to set up, configure, and lock down. The three new features of IIS 6.0 FTP server, especially FTP User Isolation, make a compelling case for an IIS administrator to set up, configure, and publish more feature-rich FTP services.
==== 2. Keeping Up with IIS ====
Installing FrontPage Server Extensions Unattended Question: We're trying to develop a method for installing IIS 5.0 in unattended mode. We're using Sysocmgr and an answer file; however, we haven't been able to get Microsoft FrontPage Server Extensions to install with the answer file. Do you know whether the unattended setup procedure outlined in the Microsoft article "How to Change the Default Installation Paths for FTP and the Web" ( http://support.microsoft.com/default.aspx?scid=kb;en-us;q259671 ) has any bugs? To find Brett Hill's answer, click on the following URL: http://www.windowswebsolutions.com/articles/index.cfm?articleid=25221
Results From Last Issue's Instant Poll: Rate Your Web Server Attacks The voting has closed in the Windows & .NET Magazine Windows Web Solutions channel's nonscientific Instant Poll for the question, "How severe are the attacks that you usually experience in a given week on your Web servers?" Here are the results from the 23 responses: (Deviations from 100 percent are due to rounding.) - 0% We don't receive attacks. - 17% We rarely receive attacks. - 52% We receive some attacks, but they aren't too severe. - 30% We receive major attacks each week.
This Issue's Instant Poll: Clustering The next Instant Poll question is, "Does your company use clustering technology to provide fault-tolerant Web services?" Go to the Windows & .NET Magazine Windows Web Solutions home page and submit your vote for a) Yes, or b) No. http://www.windowswebsolutions.com
==== 3. Announcements ==== (from Windows & .NET Magazine and its partners)
Get the eBook That Will Help You Get Certified! The "Insider's Guide to IT Certification," from the Windows & .NET Magazine Network, has one goal: to help you save time and money on your quest for certification. Find out how to choose the best study guides, save hundreds of dollars, and be successful as an IT professional. The amount of time you spend reading this book will be more than made up by the time you save preparing for your certification exams. Order your copy today! http://winnet.bookaisle.com/ebookcover.asp?ebookid=13475
Find Your Next Job at Our IT Career Center Check out our new online career center in which you can browse current job openings, post your resume, and create automated notifications to notify you when a job is posted that meets your specifications. It's effective, it's private, and there's no charge. Visit today! http://windows.itcareerpath.com
==== 4. Resource ====
Featured Thread: Image Retrieval
Forum member SuperRandy has inherited a Web program that runs on IIS 5.0. His Web server is a dual Xeon system with 1GB of RAM and SCSI drives. Users of the Web application search and retrieve documents (i.e., single page 40KB TIFF files). The Web application copies each TIFF file to a working directory so that the user can retrieve or view the working directory version. SuperRandy believes that copying each file seems like additional work for the server when the user could simply view the original and wants to know whether he should revise the program to retrieve from the original location instead. To lend this forum member a helping hand, click the following URL: http://www.winnetmag.com/forums/rd.cfm?cid=41&tid=60793
==== 5. Events ==== (brought to you by Windows & .NET Magazine)
New Active Directory Web Seminar! Discover how to securely manage Active Directory in a multiforest environment, establish attribute-level auditing without affecting AD performance, and more! Space is limited--register today! http://www.winnetmag.com/seminars/securead
==== 6. New and Improved ==== by Sue Cooper, [email protected]
Protect Your Personal Web Servers for Free eEye Digital Security released SecureIIS Web Server Protection Personal Edition, software that can protect your Web servers. The software provides firewall protection and intrusion and application protection against known and unknown security threats, including worms, buffer overflows, and hybrid attacks. SecureIIS works as an Internet Server API (ISAPI) filter to block malicious activity and protects unpatched and patched Web servers. SecureIIS Web Server Protection Personal Edition is available at no cost for personal and noncommercial use. You can download the software at eEye Digital Security's site. http://www.eeye.com
Submit Top Product Ideas Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected]
==== Sponsored Links ====
AutoProf Jerry Honeycutt Desktop Deployment Whitepaper http://ad.doubleclick.net/clk;5790077;8214395;s?http://www.AutoProf.com/Update_TextLinks_2003_06_23.html
==== 7. Contact Us ====
About the commentary -- [email protected] About the newsletter -- [email protected] About technical questions -- http://www.winnetmag.net/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring UPDATE -- [email protected]
Manage your email newsletter account on our Web site. Simply log in and you can change your email address, update your profile information, and subscribe or unsubscribe to any of our email newsletters all in one place. http://www.winnetmag.com/email
Copyright 2003, Penton Media, Inc.