A High-Level Look at Microsoft Internet Information Server

 

Ken Bergmann
Microsoft Developer Network Technology Group

November 1995

Introduction

The Microsoft® Internet Information Server is designed to deliver high speed, secure information publishing while also serving as a platform for developers and independent software vendors (ISVs) to extend the Internet's standard communication capabilities.

At the end of this article, you'll find a quick list of all the really cool stuff that you get by running the Microsoft Internet Information Server.

A server package needs several components to provide full-scale support for Internet publishing, including transport services, client applications, administrative tools, database and applications connectivity, and encrypted communication. To illustrate how the Microsoft Internet Information Server addresses these areas, let me show you some of the components provided in the new Microsoft Internet Information Server package.

Component                       Purpose
World Wide Web Service          Hypertext document publishing
FTP Service                     File Transfer Protocol server for file transfers
Gopher Service                  Distributed Gopher space server
Internet Database Connector     ODBC database gateway for the World Wide Web service
Secure Sockets Layer (SSL)      Client/Server Private Communication (Encryption)
Internet Service Manager        Server Administration (Remote and Secure)
Browsers                        Hypertext clients for Microsoft Windows® 3.x, Windows for Workgroups, Windows 95 and Windows NT® (HTML browsers)

How Well Does It Integrate with Windows NT?

The Microsoft Internet Information Server is tightly integrated with Windows NT Advanced Server to provide an efficient, reliable, scalable, and secure platform for internal and external Internet administrators. Windows NT Advanced Server provides the administrator with consistent and easy-to-use graphical tools to perform all administrative tasks on Microsoft Internet Information Server and Windows NT Advanced Server.

A benefit of this tight integration is the ability to share applications and interfaces with existing and future Windows NT services, along with tools such as the Internet Service Manager, Control Panel applets, User Manager, Performance Monitor, and Event Viewer. All of these should be old hat to anyone who has worked with Windows NT.

Along with sharing interfaces and tools, the Microsoft Internet Information Server can also use the services provided by Windows NT Advanced Server. For example, the Microsoft Internet Information Server can use Microsoft SQL Server to log server statistics and use the standard Windows NT Event Log to keep track of security and access information. One cool feature is the ability to use the standard Remote Access Service (RAS) transport to provide Internet Information Server resources to remote workstations. RAS provides transparent access to all the features of Windows NT Advanced Server and Microsoft Internet Information Server, including the ability to do administration and application-to-application communication.

Security

In the context of the Internet, security refers to many different aspects of publishing information. It includes protecting the site itself, storing security information at the site, and transferring data between the server and the client.

Effective security is easy to implement and manage. It is critically important that user accounts and passwords are protected even if an Internet server is compromised by some outside influence. If a site is compromised, a required security measure is to protect user confidentiality by storing security information in an encrypted database on or off the server through an administrative domain structure. Controlling the security context assigned to an anonymous user also allows the administrator tight control over the degree to which a server is exposed when connected to the Internet.

Secure Sockets Layer (SSL) provides a security scheme for bulk-encrypting data between the server and its clients when private communication is required. This type of encryption is provided with the Microsoft Internet Information Server. There are many other encryption features present in the Windows NT security model that are available to the Microsoft Internet Information Server and the Microsoft Internet Explorer Web client. The Microsoft Internet Information Server completely integrates with the object-level and user-level security services provided by the Windows NT Advanced Server security model.

The Microsoft Internet Information Server also uses Windows NT security services for challenge/response authorization of file access. This provides password authentication between the browser and the server based on Windows NT Advanced Server password authentication procedures and takes place completely in an encrypted channel. In addition, Internet Information Server includes SSL for encrypted communications.

For those who need it (that is, those who wear their ID cards on a chain around their necks), the Microsoft Internet Information Server also allows for enhanced security based on IP addresses. Along with other security mechanisms, IP security allows the administrator to grant or deny access to an Internet service based on a TCP/IP address or group of addresses.
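The grant-or-deny decision described above, sketched as an added example (not code from the original article or from Internet Information Server): a default action plus a list of exceptions, each a single address or a group given as a network ID and subnet mask. The class and function names, the default-plus-exceptions model, and the sample addresses are assumptions made for illustration.

```python
import ipaddress


class IpRestriction:
    """A default action plus exceptions that receive the opposite action."""

    def __init__(self, default_grant):
        self.default_grant = default_grant
        self.exceptions = []

    def add_host(self, address):
        self.exceptions.append(ipaddress.ip_network(address))

    def add_group(self, network_id, subnet_mask):
        # strict=True rejects a network ID with host bits set, a typo that
        # would otherwise silently cover a different range than intended.
        net = ipaddress.ip_network(f"{network_id}/{subnet_mask}", strict=True)
        self.exceptions.append(net)

    def is_granted(self, peer_address):
        try:
            peer = ipaddress.ip_address(peer_address)
        except ValueError:
            return False  # unparseable address: fail closed
        listed = any(peer in net for net in self.exceptions)
        # Listed addresses get the opposite of the default action.
        return self.default_grant != listed


def build_sample_policies():
    # Constructed sample data using documentation address ranges.
    admin = IpRestriction(default_grant=False)   # deny all, except...
    admin.add_group("192.0.2.0", "255.255.255.0")
    admin.add_host("198.51.100.25")
    public = IpRestriction(default_grant=True)   # grant all, except...
    public.add_group("203.0.113.0", "255.255.255.0")
    return admin, public


if __name__ == "__main__":
    admin, public = build_sample_policies()
    for addr in ("192.0.2.44", "198.51.100.25", "198.51.100.26", "203.0.113.9"):
        print(addr, "admin:", admin.is_granted(addr), "public:", public.is_granted(addr))
```

The decision is made on the address of the connecting peer, so clients that reach the server through a shared proxy or gateway are treated as a single address.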

Still another security feature of the Microsoft Internet Information Server (man, this product has a lot of security features!) is integrated Basic Authentication. This means that you can use the existing Windows NT Advanced Server security architecture and administration tools to assign permissions to specific users even over the Internet, and query for username and password without requiring new client software. You can also specify exactly which permissions (down to the file level) are granted for anonymous logins.

Administration

One of the biggest sore spots for Internet servers today is the lack of tools and services to make administration and configuration easier. With the Microsoft Internet Information Server, you get all the services that are part of Windows NT Advanced Server, in seamless integration with existing and future services and applications.

Some of the new options and services are:

  1. Multiple Server Administration. Now you can monitor and administer as many servers as you can get your hands on—all at the same time, and all from the comfort of your office chair using your desktop computer. Sure beats the heck out of standing next to a cold steel tower machine they call a server, in a frigid icebox that is supposed to be the main computer center!
  2. FTP and Gopher Services. Because not everything on the Internet is a Web page (not that you could tell by looking), the Microsoft Internet Information Server includes FTP and Gopher services. These services can be run on the same computer or separate computers and are completely integrated with the Internet Information Server administration (Internet Service Manager) and Windows NT Advanced Server security. So you can have that huge machine in the lab running a Web page and an FTP site and Gopher space all at the same time.
  3. Bandwidth Throttling. No, this doesn't mean that you can throttle anyone taking up too much of your bandwidth. It means that you can now limit the amount of information that can be sent from the server at any one time. This allows other services that have to share that server's bandwidth access to the resources they need even if a particular Web page (like the one with the neat pictures on it) becomes really popular.
  4. Virtual Server Support (or Multi-Homing). This is my absolute favorite. You might want to lie down for this one. This allows a single server to be configured to support as many TCP/IP addresses as you want (within reason). What that means is that you can now configure and maintain an equal number of Web sites on those addresses. You don't even need to have multiple installations of the Web service—all sites are supported by the same instance of the Web service. Did you get that? I'll put this straight out for anyone who got left behind. You can run as many Web pages as you want. All off the same server! One machine, many pages. The ultimate dream for the information junkie. Blows your mind, doesn't it? At least now you know why it took so long to create this option. (And you weren't sure if this was anything new.)
  5. Virtual Directories. Virtual directories allow Webmasters to distribute the physical storage of their published information while providing a single directory structure to external clients. Virtual information directories are also supported for FTP and Gopher services. So your Web site can actually exist on servers all around your network, but to a browser they all look like the same address. Pretty cool, eh?
  6. Flexible Logging. If you are at all paranoid, you will appreciate all the new logging features that the Microsoft Internet Information Server provides. The Microsoft Internet Information Server comes with an extensive logging capability that allows log files to be automatically rotated based on the size of the log or how long the log has been in use: day, week, or month. The Microsoft Internet Information Server provides the ability to log all kinds of information about the services directly to an open database connectivity (ODBC) data source such as Microsoft SQL Server. Think of the possibilities: No more weird grepping of text files. You can now write really far-out reports using Microsoft Access, or Microsoft Excel, or any reporting tool that supports ODBC. Yes, I could waste some serious time playing with this one….
  7. Remote Administration. Okay, you caught me! This isn't really a new feature. Remotely administering servers is a common feature of all Microsoft BackOffice™ applications. Providing this remote capability in the Microsoft Internet Information Server is a natural extension not only for internal networks but also for servers on the Internet. Because Windows NT Advanced Server uses encrypted password negotiation for authenticated logon, your passwords are safe, and you can feel comfortable administering the server over the Internet. Well, except for all those people who still use pet names and birthdays for their passwords.

Browsers

The Microsoft Internet Information Server includes the new Internet Explorer browser with full support for HTML 3.0 and all Windows platforms, including Windows 95, Windows NT, Windows 3.x, and Windows for Workgroups.

Okay, so you can get a browser anywhere…but have you seen Internet Explorer 2.0? This browser is like a dessert I once had. It was called a Seven Layer Triple Chocolate Death Cake. One bite and you thought you had died and gone elsewhere, let me tell you! I got the same reaction from using this browser. Having used a lot of browsers and being a bit of a perfectionist, I don't get worked up about a browser very easily. This browser still gives me goosebumps. (Not as much as virtual server support, but close!)

One cool new feature built into the Microsoft Internet Information Server, both at the server and in the browsers provided with it, is called "Keep Alives." The Microsoft Internet Information Server has implemented the World Wide Web Consortium's Keep Alive protocol to enhance performance for customers continuously browsing the same site. Essentially, this new protocol standard helps browsers and servers manage sessions more effectively.

Developer Candy (and Extensions)

If you are very, very quiet and promise not to tell, I will let you in on the biggest gift for developers since…well, for a long time. The Microsoft Internet Information Server includes a new programming interface called the Internet Server API (ISAPI). This is a cool new set of programmatic interfaces for extending the capabilities of the Microsoft Internet Information Server. It has library wrappers for developers who use the old-style Windows Sockets interface, and special new functions to extend the Microsoft Win32® API, making it easy for Windows developers to incorporate Internet awareness into their applications. (For all the really cool details and stuff, make sure you read the Publishing Dynamic Applications section of the Microsoft Internet Information Server Installation and Planning Guide.)

Another big advancement in Internet server technology is the Internet Database Gateway. This package is included in the Microsoft Internet Information Server. It is a simple, yet powerful gateway for interfacing Web documents with database information. The interface is based on ODBC, so it will work with all major databases including Microsoft SQL Server, Microsoft Access, SYBASE®, and ORACLE®. For those who are well into their rollout of Internet servers, I'm sure you will appreciate this service immensely. Finally, there is an easy way to expose your business information and data without impacting your current business system.

Key Features and Benefits

Here's the basic scoop about the new Microsoft Internet Information Server:

  • Runs as a Windows NT Service.
  • Runs on all Windows NT Advanced Server hardware platforms (x86, Pentium®, MIPS®, Alpha™, PowerPC™).
  • Designed to be scalable from single-processor to multiprocessor architectures.
  • User-level and object-level security integrated into the Windows NT Advanced Server directory service.
  • Private Communication Technology (enhanced SSL) included.
  • Logging included for all services. Includes basic text file format with auto rollover and extended logging to any ODBC data source such as Microsoft SQL Server.
  • Centralized administration from single location for multiple servers, including secure administration over the Internet with or without SSL.
  • Configurable service, including TCP/IP port and time-outs; multiple virtual roots, including roots located on other computers over the network; home page location; and default name.
  • Multiple virtual Web servers running with only one administrative unit and one operating system process.
  • FTP supports DOS- or Unix®-style directory listings.
  • Gopher+ supported.
  • Per-user default directories supported.
  • Logon, logoff, and per-directory welcome text configurable.
  • Provides capability to develop database applications using the World Wide Web and any ODBC data source.