Introduction
About the Intemet Information Services Resource Guide
Resource KitCompactDisc
Resource KitSupportPolicy
CHAPTER 1 0verview of Internet Information Services 5.0
What is NewinIIS5.0
Security
Adndnistration
Programmability
InternetStandards
IIS5.0Architecture
ArchitectureOverview
Microsoft Management Console
Active Server Pages and Microsoft Script Debugger
IndexingService
CertificateServices
MessageQueuing
Database Access Component
Adndnistrative Architecture
IIS Adndnistration Objects
Internet Services Manager
Built-in and Custondzed Scripts
Programmability Architecture
Comrnon Gateway Interface
ISAPIFilters
ISAPIExtensions
ActiveServerPages
ActiveScripting
ComponentServices
PublishingonWebSites
WebDAV
FrontPage Server Extensions
crP
Additional Resources
CHAPTER 2 Managing the Mi9ration Process
Migration Process Overview
l.Envisioning
DefinetheProject
Create a Requirements Definition
Develop a Conceptual Design
AssessRisk
DefinetheProjectTeam
2.Planning
Team Roles during the Planning Phase
GatherInfOrmation
Server and Network Environment
Tools and Utilities in Use
Users
Standards
Define the New Service Offering
Functional Spedfication
SolutionPrototype
AssessResourceNeeds
Staff
MigrationTools
ServerSoftware
Hardware
Build the Master Project Plan
DrafttheProjectSchedule
CheckYourAssumptions
3.Developing
Team Roles During the Developing Phase
ValidatetheDesign
UnitTesting
IntegrationTesting
ApplicationTesting
BuildouttheSystem
BeginTraining
ConductPilotTesting
4.Deploying
Team Roles During the Deploying Phase
FinishTraining
RollouttheNewSystem
MonitortheSystem
AdditionalResources
SupportDocuments
IIS5.0MigrationTools
IISMigrationWizard
Microsoft Interoperability Lab
OtherMigrationTools
Migration and Integration Resources
Planning and Testing Resources
TestTools
General Adndnistration Books and Training
CHAPTER 3 Migrating a Web Server to IIS 5.0
Basic Steps to Migrate aWeb Server
Assessing Hardware Requirements
Prepedng the Destination Server
UsingtheIISMigrationWizard
MigratingWebandFTPSites
Replicating Windows-Based Files
Replicating UNIX-Based Files
ComPleting Web Site Migration
ComPleting FTPSiteMigration
Replicating and Configuring Applications
MigratingLogFiles
Migrating Configuration Settings
SecuringtheServer
Migrating Users and Groups
SettingNTFS Pendssions
Setting IIS 5.0Pendssions
Setting Pendssions Based on Content
Migrating Security Certificates
Integrating UNIX and Windows 2000 Server Security
Migrating from Apache HTTP Server
ComParingApacheandIIS 5.0
AdndnistrationInterface
Security
UserDirectory
VirtualHost
Alias/DirectoryAlias
CustomErrorMessages
Redirects
Migrating ApacheDirectives
ServerDirectives
ResourceConfiguration
AccessConfiguration
MigratingCustomModules
Migrating from Netscape Enterprise Server
CompedngNESandIIS 5.0
Tendnology
Migrating NES Configuration Settings
ServerPreferences
Applications
ServerStatus
ConfigurationStyles
ContentManagement
WebPublishing
AgentsandSearch
AutoCatalog
Upgrading or Replicating an IIS Web Server
ChoosinganApproach
Recommendations for Upgrading or Replicating
MigratingWebApplications
IIS 5.0 Application Technologies
Deciding to Port or Rewrite CGI Applications
Performance vs. Development Work
Effort to Develop and Maintain
PortingCGIApplications
Configuring a Script InterPreter
Special Considerations for UNIX Applications
MigratingaUNIXPerlScript
Converting UNIX Application Files
ConvertingCGItoISAPI
MigratingfromCGItoASP
ASPScripting Support
Analyzing the Application
InputProcessing
BusinessLogic
Extemal Gateway and Database Logic
Maintaining State
OutPutHandling
TheFileSystem
Reproducing Cormon CGI Services
Electronic Mail Delivery
PageCounters
Additional Resources
IIS 50MigratiOtiTools
IIS MigrationWizard
Application Migration Tools
Server Adndnistration and Interoperation Tools
ReferenceBooks
SecurityResources
CHAPTER 4 Capacity PIanning
CaPacity Planning Issues
Traffic
Considerations
SecureSocketsLayer
Web Application Performance
Reliability
ServerClustering
NetworkLoad Balancing
Detendning Your Installations Requirements
ACaPacity Planning Checklist
Capacity Planning Scenedos
TheIntranetWeb Site
The Intemet Marketing Web Site
The Intemet Transactional Web Site
The Internet Commerce Web Site
A Large-Site Case Study: ndcrosoft.com
ASnapshotoftheSite
Summary
GeneralGuidelines
AdditionalResources
WebLinks
Books
CHAPTER 5 Monitoring and Tuning Your Server
UsingThisChapter
Memory
MonitoringOverallServerMemory
. MonitoringJheFileSystemCache
PreventingProcessorBottlenecks
Suggestions for ImProving Processor Usage and Performance
NetworkIlO
Network Bandwidth Requirements of a Server Running IIS 5.0
MonitoringtheNetworkConnection
OptindzingtheNetworkConnection
DiskI/O
MonitoringaRemoteComputer
WebApplications
TuningtheASPQueueandThradPool
How This AffectsServer Adndnistration
OptindzingforWebApplications
Short-Term Problems and Temporary Fixes
TuningTips
MonitoringSecurityOverhead
Measuring Security Overhead with WCAT
Tools
TheSystemMonitor
PerfOrmanceCounterCheck
TheHTTPMonitoringTool
NetStatandNetMon
Process Viewer,Process Explode, Process Monitor, and Event Viewer
Web Application Stress Tool andWCA
Getting Started with the Web Application Stress Tool
General Guidelines for Using the Web Application Stress Tool
Suggestions
Useful Counters fOr Stress Testing
SuggestedValues
ExandningtheResults
BaselineLogging
AdditionalResources
WebLinks
Books
Tools
CHAPTER 6 DeveIoping Web AppIications
BuildingonClienUServer
ClienUServerRevisited
Multi-TierDesign
WindowsDNA
The Future of Applications on the Intemet
Client-SideTechnologies
TextandHTML
GraPhics andMultimedia
Hyperlinks
Client-SideScript
ActiveXControls
Cascading Style Sheets
DynandcHTML
DataBinding
BrowserSupport
Lindtations of Client Technologies
TheMiddleTier
CGIApplications
ISAPI Extensions and Filters
ActiveServerPages
ASPServer-Side Scripting
Execution Behavior of Scripts in ASP Pages
Built-in Objects and Server-Side Components
WhyComPonents?
Building Windows Script ComPonents
ASPApplications
ASPSessionManagement
Building an ASP Application
SelectingObjectScope
Process Isolation and Crash Recovery
Applications and Processes
Configuring an Isolated Process
Out-of Process Components
Security Considerations
A Note About Application Testing
Design Pattems for Web Applications
Factoring Your Application
UsingFormsforInput
The Difference between GET and POST
Client-Side Form Validation
HiddenFormFields
Redirection
Client-SideRedirection
Redirecting During Session--OnStart
Debugging Applications and Components
Script Debugging in Active Server Pages
Avoiding Common Mistakes
DebuggingASP
ScriptManagement
Debugging ISAPI and Server ComPonents
Disabling Debug Exception Handling
Debuggingns5.o
Inability to Create ComPonents
AdditionalResources
WebLinks
Books
CHAPTER 7 Data Access and Transactions
WebDatabaseTechnologies
WhyaWebDatabase?
Data Publishing Considerations
Industrial Strength Information
Microsoft Data Access ComPonents
ODBC andOLEDB
ADOandRDS
OtherDataAceessMethods
ADC
JetDatabaseEngineandDAO
RDO
TheCostofDataAccess
Client-SideDataAccess
Client-TierElements
Data-AwareControls
DataCache
ClientCursorEngine
Business Object Proxies and the RDS.DataSpace Object
Middle-Tier Elements of Client-Side Data Access
IIS5.0andADISAPI
The RDS Data Factory and Custom Business Objects
Designing Custom Business Objects
Accessing Data with ASP and COM ComPonents
PreparingtheDatabase
Connection Strings
Creating an ODBC-Compliant Data Source
DSN-less Connections
SelectinganOLEDBProvider
DataSourcePendssions
SecurityandSQLServer
TheDatabaseConnection
ODBCConnectionPooling
Tips for Optindzing Database Connections
RecordsetsandCursors
Forward-OnlyCursors
Staticvs.DynandcCursors
KeysetCursors
CursorConcurrency
CursorLocation
ManagingRecordsinaRecordset
KeepingTrackofNewRecords
AvoidingQueryTime-outs
PurgingDeletedRecords
ReferencestoFieldValues
VBScript Examplet Filling a List Box
PerlScript Example: Filling a Table
Limiting the Number of Records
Visual Basic Example; Paging through a Recordset
Retrieving Image Data
Stored Procedures
Returing Values from Stored Procedures
Retrieving Image Data
Stored Procedures
Returning Values from stored Procedures
Prepared Queries
Transaction Processing on the Web
Transactions Explained
Extending the Limits of Transactions
Transactional ASP
Business Objects vs. Script in ASP Pages
Transactional Components
Business Logic in Components
Participating in Transactions
Using Database Access Interfaces with Component Services
Distribution and Scaling Issues
Introducing Message Queuing
Time-Independent Transaction Processing with Message Queuing
Additional Resources
Web Links
Books
CHAPTER 8 administering an ISP Installation
Configuring IIS5.0
Creating Web Sites
Creating a Company Web Site
Creating a Personal Web Site
Restricting Content
Managing Your Installation
Enhancing Reliability
Replication and Clustering in IIS5.0
Running Applications
Recovering From Crashes
Automating Administration
Windows Script Host
IIS Admin Objects and ADSI
Executing Scripts
Examples
Adnunistenng a Site Remotely
IIS Snap-In
Internet Services Manager(HTML)
Command Line
Terminal Services
Telnet
TumingUsers Intoweb Site Operators
Configunng FrontPage Server Extensions
In加dueing the FrontPage Snap-In
Managing Content
Overlapping Virtual Servers
Setting Secunty on an IIS 5.0 Server
Setting Pernusslons
Connguring E-manil
Uploading Content through FTP
Internet Connection Services for Remote Access
Administenng Older Version Servers
Allocating Resources
Logglflg Resources
Controlling Bandwidth
grocess gccounting and Process mitting
Monitoring Performance wlththeHHPMonltoringTool
Customizing Your Installation
HostingMultiple Slies withoneIPAddress
Supporting Non-HHPI.1.1-Compllant Browsers
Sending CooKkies
Components for Administration(SamPle SetuP)
Making Redlrects Work for You
Setting Up Custom HHP Headers
Content pxplratlon Example
Rating Content with PICS
Customizing HTML Footers
Building a Web Cluster
Defining Clustenng
Defining Load Balancing
Grouping Load Balancing Featllres
Creating a Three-Tier Web Cluster
Calculating Hardware Needs
Building the First Tier
Building the Second Tier
Building the Third Tier
Reviewing the Three Tiers
AdaptmgllS 5.o to asamPlelnstallatlon
Several Business Clients
ThfCC NCtWOrkS lfl OflC
ExpandingthePlatform: Considerations and SuggestedGuldellnes
SomeNotes on Secunty
Additional Resources
Web Links
CHAPTER 9 Security
Foundations ofComputersecunty
TheatSg VulnerabllltleS3 and Attacks
Types of Attack
The Bottom-Line Cost of Secunty
UsingtheBullt-In SecuntyFeatures ofwlndows 200 Server
Configunng IIS 5.0 Secunty
IIS 5.0 Authentication Modes
Extending IIS 5.0 Secunty
File andolrectory Secunty
Virtual Directory Secunty
SecureCommunlcatlons withSSLandTLS
HOW ACCCSS IS DCtCfflllllCd
Troubleshooting Permissions
An End-to-End Troubleshooting ExamPle
Defending Against Malicious Attacks
Using the Secunty Templates
glldltillgACCCSS WlthllS 5.0 Logs
Useful IIS Admin Objects/ADSI Secunty Settings
IIS 50 Secunty Checklist
Additional Resources
Books
Secunty Theory
Flrewalls andDoxy Servers
System Intrusion
GeneralSecurity
EncryPtion
WindowsNTSecurity
GeneralNetworking
CHAPTER 10 Access to Legacy Applications and Data
IdentifyingStrategies
ConnectingtoSNA
IntegratingIIS andLegacy Applications
COMTransactionIntegrator
Functional OVerview of the COM Transaction Integrator
COMTIDevelopmentScenarios
GainingAccesstoLegacyData
LegacyFileDataandIIS 5.0
Access to VSAM and AS/400 files with OLE DB and ActiveX Data Objects
Functional Overview oftheDataProvider
ReplicatingLegacyDatabases
WhyReplication?
Replicate Data Using Data Transformation Services
Replicating DB2 Tables by using Host Data Replicator
Two-WayReplication
FlexibleProcessingandFiltering
Scheduling
Statistics
Security
Performance
SupportedPlatforms
MigratingTransactionProcessing
WhyUseTransactions?
MigratingtoComponent Services
FeaturesandCaPabilities
AdditionalResources
WebLinks
Books
SNA Server 4.0 Software Product Documentation
APPENDlX A ASP Best Practices
WhentoUseASP
ProjectDirectories andFiles
Organizing Application Directories and Files
Using File Name Extension Standards
Style Guide for Scripts in ASP Pages
HTMLStandards
ScriptingfOrPerformance
Object and Vedable Initialization
Working with Connections
Visual Basic Applications as DLLs
AdditionalResources
WebLinks
Books
APPENDlX B Site Security Planning
Assessing Threats to Security
ThreatIdentification
ThreatsonIntranet
Fhreats overthe Internet
WheretoSpendtheEffOrt
Why Is Security Difficult?
A Least-Access Approach
MdengPolicy
Vigilance andRevision
Adopting Technologies and Standards
Additional Resources
WebLinks
Books
Glossary
lndex