In this section, you will learn how to install
Internet Information Services. You will see how to install IIS on a full
Windows Server 2008 R2 installation and on a Windows Server 2008 R2
Server Core installation. You will also see how Windows Server 2008 R2
Web edition can be installed for the purpose of supporting an IIS
server. Being able to install IIS on Windows Server 2008 R2 Server Core
provides a new workload capability to Server Core. The ability to
install IIS on Windows Server 2008 R2 Server Core is available because
of the .NET application framework provided by Server Core. You will also
get a brief overview of the various components IIS can provide to your
environment.
1. Understand Internet Information Services Role Services
When you are installing IIS on your server, you will see a screen of role services you can choose to install, as shown in Figure 1.
Understanding which components you will need to install will help you
support your web server requirements in addition to any needed web
applications. Prior to installing IIS, you need to talk with your web
developers to make sure you are providing the proper level of support
for their applications.
The role services are broken into three main categories:
Web Server: This
category contains all the components for your websites from basic HTML
websites to complex web applications. This is the main role of an IIS
server and has several components and capabilities to provide you with
the web infrastructure your environment will need.
Management
Tools: This category provides you with the tools necessary to manage
and administer your web servers. You will also be able to select
management tools for previous versions of IIS, mainly IIS 6.0.
FTP Server: This category allows you to install and set up a basic FTP server for your infrastructure.
The Web Server role
service is broken into five major sections. The first component is
Common HTTP Features, which provides the web server with basic
functionality. Primarily basic and static HTML pages are provided by
these features, as described in Table 1.
Table 1. Common HTTP Features
| HTTP Feature | Description |
|---|
| Static Content | This
provides the support needed for HTML pages and graphics and provides
the basic level of functionality for your IIS server. This feature is
installed by default. |
| Default Document | This
provides the web server with the ability to offer users of your website
a default document when they reference your site without a specific
file request. Essentially, the default document is the home page for
your web server. This feature is installed by default. |
| Directory Browsing | This
allows your users, if they have the proper permissions, to browse the
directory for the contents on your web server. This feature is installed
by default. |
| HTTP Errors | This
provides the customizable error messages that users of your website
will see. For example, when you see an error message like "Error 403:
Access Denied/Forbidden," this is the service that provides the error
message. This feature is installed by default. |
| HTTP Redirection | This
provides you with the ability to redirect users of your websites to a
different location. This is great to use when you want to send users to a
different URL than what they typed in. This is useful when you want or
need to rename or change your domain for your website. |
| WebDAV Publishing | Web
Distributed Authoring and Versioning (WebDAV) provides the needed
capability to allow files to be published via HTTP to your web server.
This is commonly used by web applications. Outlook Web Access is an
example of an application requiring WebDAV. |
The second category is
Application Development. This unlocks the true power of a web server by
providing the web server with the necessary infrastructure to support
web applications and in general extend the functionality of IIS. This
component allows you to support the many different programming languages
your developers can use to write web applications. It is vital that you
understand how these components are installed and configured. However,
you may be wondering which of the components, listed in Table 2,
you need to install. This is an important question, and generally
speaking, this is for your web developers to help you make the proper
decision to support the applications they are programming. It is good to
take some time and chat with the developers so you can install the
proper components. By default, none of the Application Development
components are installed.
Table 2. Application Development Components
| Component | Description |
|---|
| ASP.NET | ASP.NET
is an object-oriented programming environment. Installing this
component will allow your web server to support sites built using
managed code via the ASP.NET framework. If you install this component,
you will also need to install ISAPI Filters, ISAPI Extensions, and .NET
Extensibility to properly support this environment. |
| .NET Extensibility | This
allows your developers to change, add, and extend your web servers.
This component provides the necessary framework to support ASP.NET. |
| ASP | Active
Server Pages (ASP) is a scripting environment commonly used to build
websites. ASP provides support for VBScript and JScript. This is
primarily used for older application support, and your developers may be
using ASP.NET for any new projects. Installing ASP will require that
you install ISAPI Extensions. |
| CGI | Common
Gateway Interface (CGI) is another scripting-based language commonly
used to create websites. Depending on the applications you need to
support, you may need to install the support for CGI. PHP applications
typically will require CGI to be installed on the IIS server. This
component provides a key framework for interoperability for
non-Microsoft-based applications. |
| ISAPI Extensions | Internet Server Application Programming Interface (ISAPI) provides support for dynamic content that is written using ISAPI. |
| ISAPI Filters | The
ISAPI filters help determine how requests are processed by your web
applications. The filters are files allowing you to change the
functionality of IIS to support your web applications. |
| Server Side Includes (SSI) | SSI
is another scripting-based language allowing you to dynamically include
common web clients on other web pages in your environment. For example,
if you wanted to have a common menu appear on all the web pages on your
site, your programmers could use SSI to provide the menu. |
Health and Diagnostics provides the basic functionality to monitor and tune your IIS server. Table 3 describes the features.
Table 3. Health and Diagnostics
| Component | Description |
|---|
| HTTP Logging | As
the name implies, with this you can track website activity on your IIS
server. The type of events logged are typically when an HTTP transaction
occurs (such as a web page request). This feature is installed by
default. |
| Logging Tools | This allows you to manage your logs, as well as provide the functionality to automate common logging procedures. |
| Request Monitor | This
provides the ability for you to monitor the health of your web
applications. This allows you to see when you have a process running
slowly or not responding. This allows you to identify the process to
help identify any issue. This feature is installed by default. |
| Tracing | This
is another tool allowing you to monitor your web applications,
typically used for hard-to-find problems in your website, such as when
your website times out or performs slowly because of poor performance. |
| Custom Logging | This
provides you with the ability to customize and create your own logging
format. You can create or use your own logging components by installing
this component. |
| ODBC Logging | This
provides logging for the Open Database Connectivity (ODBC) activity
generated by your web server when it is connecting to an ODBC-compliant
database. Most modern-day databases are ODBC compliant, which provides a
framework for you to log web activity to those databases. |
The next section, "Security,"
is vital in not only protecting your IIS servers but also protecting
your applications and data. The "Security" section provides you with the
ability to determine your level of secure authentication support in
IIS. By protecting the authentication mechanisms, you can control how
users will access your web server environment. You will also need to
speak to your web developers to determine which authentication
mechanisms are supported by the applications they are currently writing.
You will need to find the right blend of secure authentication,
performance, and application compatibility. IIS has the capability to
have multiple authentications supported on the server. In Table 4, you can find a list of the different authentication mechanisms and descriptions.
Table 4. Security Components
| Component | Description |
|---|
| Basic Authentication | This
method is the weakest of the authentication methods; this method stores
passwords in an easily decrypted format during transmission. If you
need to use basic authentication, make sure you also use SSL. Basic
authentication is used generally when you need to offer compatibility to
a variety of web browsers. |
| Windows Authentication | This
is a secure authentication mechanism, allowing you to leverage your
existing Windows Active Directory domain environment for authenticating
your users. You should use this solution for internal websites only, not
for users who access your website from behind proxy servers or
firewalls. |
| Digest Authentication | This
provides a more secure authentication methodology over basic
authentication. This method will also leverage your Windows Active
Directory domain environment, by sending a secure password hash to the
domain controllers. This method should be considered if you need your
users to have access to your website if they are behind proxy servers or
firewalls. |
| Client Certificate Mapping Authentication | This
allows you to use client certificates to authenticate your Active
Directory users, in a one-to-one mapping across multiple web servers. |
| IIS Client Certificate Mapping Authentication | This
is a faster performance model than client certificate mapping but also
uses client certificates to identify your users. This method can use
either one-to-one or many-to-one mappings and is typically used in
heterogeneous directory environments. |
| URL Authorization | This
provides you with a security mechanism to prevent access to websites in
your web servers. URL authorization gives you a tool to explicitly
allow or deny access to a directory on your web server either by
username or by role. You can use rules based on users, groups, or the
header verbs of your HTTP pages. |
| Request Filtering | This
method provides a layer of security at the web server to help prevent
many common hacking attacks to your server. This helps filter attacks
that may make odd requests or that may use long URLs to target your
server. This method screens all inbound requests of your server. This
provides you with a mechanism to help mitigate attacks on your server.
This feature is installed by default. |
| IP and Domain Restrictions | This
allows you to allow or deny access to your web content, based on the IP
address or domain name of the requestor. This provides an additional
layer of security to your groups, your roles, or even your NTFS
permissions. |
The last section is
Performance. There are two choices in this section: Static Content
Compression and Dynamic Content Compression. Static Content Compression
is installed by default and provides your server with the ability to
improve bandwidth utilization. As the name implies, this is useful only
for static content on your web server, and it has the additional benefit
of not affecting the CPU performance on your server.
Dynamic Content Compression
also allows you to improve the bandwidth utilization of dynamic content
for your web server. However, this method will also potentially have a
negative impact on your server's CPU performance. If your Windows Server
2008 R2 server is already heavily taxed for usage with your CPU, you
should not install this component.
2. Install IIS on Windows Server 2008 R2 Full Server Installation
After you have determined
which components you want to install for your version of IIS, you now
have to install the IIS role with the required components. Like all the
roles on Windows Server 2008 R2, you begin the process in Server
Manager:
To open Server Manager, select Start => Administrative Tools => Server Manager.
In Server Manager, click Roles.
Review the welcome screen, and click Next.
On the Select Server Roles screen, select Web Server (IIS), as shown in Figure 2, and click Next.
On the Server Role services screen, review the notes, and click Next.
Select the necessary role services to support your web application platform, and click Next.
Review the confirmation screen and your selections, and when you are ready, click Install.
Review the summary screen, correct any error messages, and click Close.
NOTE
If you accept just the
default selections, you will have a basic web server. The web server
will have basic static content and functionality. More than likely, you
will want to add some development components to provide your developers
with a platform to build applications to support your company's business
internally and externally.
