MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 9 Deploying IIS and Active Directory Certificate Services
Learning Objectives
• Install, configure, and troubleshoot Microsoft Internet Information Services (IIS)
• Install, configure, and troubleshoot Active Directory Certificate Services
MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)
Implementing Microsoft Internet Information Services
• Internet Information Services (IIS)
  • Included with Windows Server 2008
  • Offers a complete Web site
• Benefits
  • Fast
  • Use of software applications to coordinate with an IIS server
• Internet Server Application Programming Interface (ISAPI)
  • Group of DLL (dynamic link library) files that are applications and filters

Implementing Microsoft Internet Information Services (cont’d.)
• Web Server (IIS) role
  • Contains the World Wide Web services that are vital for a Web site
• File Transfer Protocol (FTP) service
  • TCP/IP-based application protocol that handles file transfers over a network
• Simple Mail Transfer Protocol (SMTP)
  • Works with e-mail services to accept incoming e-mail from the Internet and forward it to the recipient

Implementing Microsoft Internet Information Services (cont’d.)
• Reasons Windows Server 2008 is a good candidate for a Web server
  • Privileged-mode architecture
  • Fault-tolerance capabilities
  • Compatible with small and large databases
    • Users can log into a database through the IIS Open Database Connectivity (ODBC) drivers
  • Compatible with:
    • Microsoft Point-to-Point Encryption (MPPE) security
    • IP Security (IPsec)
    • Secure Sockets Layer (SSL) encryption technique

Implementing Microsoft Internet Information Services (cont’d.)
• IIS newly designed for Windows Server 2008
  • Broken into modules or features (role services)
  • Install only the features you need
    • Smaller attack surface
    • More efficient

Implementing Microsoft Internet Information Services (cont’d.)
Table 9-1 Internet Information Services features (role services)
Installing a Web Server
• Requirements
  • Windows Server 2008 installed on the computer to host IIS
  • TCP/IP installed on the IIS host
  • Access to an Internet Service Provider (ISP)
  • Sufficient disk space for IIS and for Web site files
  • Method for resolving IP addresses to computer or domain names
    • DNS and WINS

Installing a Web Server (cont’d.)
• Activity 9-1: Installing IIS
  • Objective: Learn how to install IIS

Internet Information Services (IIS) Manager
• Capabilities
  • Connect to a Web server
  • Manage a Web server
  • Manage ASP.NET
  • Manage authorization for users and for specific Web server roles
  • Manage Web server logging
  • Compress Web server files
  • Manage code modules and worker processes
  • Manage server certificates
  • Troubleshoot a Web server

Internet Information Services (IIS) Manager (cont’d.)
Figure 9-1 Using IIS Manager (Courtesy Course Technology/Cengage Learning)
Creating a Virtual Directory
• Virtual directory
  • Physical folder, or a redirection to a Uniform Resource Locator (URL) that points to a folder
  • Can be accessed over the Internet, an intranet, or a VPN
• Reason for creating a virtual directory
  • Provide a shortcut path to specific IIS server content
• Steps to set up a virtual directory

Creating a Virtual Directory (cont’d.)
Table 9-2 Virtual directory security options

Creating a Virtual Directory (cont’d.)
Figure 9-2 Properties of a virtual directory (Courtesy Course Technology/Cengage Learning)

Creating a Virtual Directory (cont’d.)
• Set up the virtual directory to be shared
  • So that users who need to add content to the directory can do so over the network
• Activity 9-2: Create a Virtual Directory
  • Objective: Set up a virtual directory

Creating a Virtual Directory (cont’d.)
Table 9-3 Virtual directory share permissions

Figure 9-3 Creating a virtual directory (Courtesy Course Technology/Cengage Learning)
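The virtual directory procedure above can also be done from the command line with IIS 7's appcmd.exe, which is useful for scripting lab builds and for keeping the security options of Table 9-2 and Figure 9-6 consistent. This is an added example, not code from the textbook; the site name "Default Web Site", the URL path /docs and the folder C:\inetpub\docs are placeholders.

```powershell
# Added example (not from the textbook): create a virtual directory on IIS 7
# with appcmd.exe and then apply least-privilege settings to it.
# Assumed names: "Default Web Site", /docs and C:\inetpub\docs are placeholders.
$appcmd   = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$site     = 'Default Web Site'
$vdirPath = '/docs'
$physical = 'C:\inetpub\docs'
$vdirName = "$site$vdirPath"    # appcmd addresses a vdir as "Site/path"

# 1. Make sure the physical folder exists before IIS is pointed at it.
if (-not (Test-Path $physical)) {
    New-Item -ItemType Directory -Path $physical | Out-Null
}

# 2. Create the virtual directory under the site's root application ("Site/").
& $appcmd add vdir "/app.name:$site/" "/path:$vdirPath" "/physicalPath:$physical"

# 3. Directory listing stays off, so a missing default document does not expose
#    the folder's contents (the setting shown in Figure 9-6).
& $appcmd set config $vdirName '-section:system.webServer/directoryBrowse' `
    '/enabled:False' '/commit:apphost'

# 4. Static content only: allow Read access, no script or execute permission.
#    The handlers section is locked by default, so commit to applicationHost.config.
& $appcmd set config $vdirName '-section:system.webServer/handlers' `
    '/accessPolicy:Read' '/commit:apphost'

# 5. Confirm what IIS now has for this virtual directory.
& $appcmd list vdir $vdirName
& $appcmd list config $vdirName '-section:system.webServer/directoryBrowse'
& $appcmd list config $vdirName '-section:system.webServer/handlers'
```

Run it from an elevated PowerShell prompt on the IIS host; appcmd writes to applicationHost.config and needs administrator rights.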
Managing and Configuring an IIS Web Server
• Manage IIS components, including:
  • Application pools
    • Group similar Web applications for management
  • Sites
    • Manage multiple Web sites from one administrative Web server
  • SMTP E-mail
    • Manage Internet e-mail
  • Certificates
    • Configure and monitor certificate security used with other Web sites

Managing and Configuring an IIS Web Server (cont’d.)
Figure 9-5 Application Pools in IIS Manager (Courtesy Course Technology/Cengage Learning)

Managing and Configuring an IIS Web Server (cont’d.)
Table 9-4 Web site features to configure

Managing and Configuring an IIS Web Server (cont’d.)
• Activity 9-3: Configuring a Web Site
  • Objective: Learn basic Web site configuration
Figure 9-6 Enabling directory browsing (Courtesy Course Technology/Cengage Learning)

Troubleshooting a Web Server
Table 9-5 Troubleshooting IIS
Using Active Directory Certificate Services
• Public key infrastructure (PKI)
  • Links a public key, or a combination of public and private keys, to a user or network entity
  • Uses a certificate authority to issue public key-based digital certificates to trustworthy network entities
• Certificate authority (CA)
  • Network entity or host that issues digital certificates of trust verifying certificate holders’ legitimacy

Using Active Directory Certificate Services (cont’d.)
• Public key
  • Encryption method that uses a public key and private key combination
• Asymmetric encryption
  • One key is used to encrypt the data, and the other key is used to decrypt it
• Public key/private key method
  • Uses an encryption algorithm developed by Whitfield Diffie and Martin Hellman

Using Active Directory Certificate Services (cont’d.)
• X.509 standards for digital certificates
  • Developed by the International Organization for Standardization (ISO)
  • Function as proof of identity for a specific network entity

Using Active Directory Certificate Services (cont’d.)
• An X.509 certificate contains:
  • Certificate format version
  • Certificate serial number
  • Signature algorithm identifier
  • Certificate authority (certificate issuer)
  • Length of time the certificate is valid
  • ID of the certificate holder
  • Public key data
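The X.509 fields listed on the slide can be read directly from any certificate Windows holds. The following is an added example, not from the textbook, that prints those fields for every certificate in the computer's Trusted Root store through the built-in Cert: drive, and adds two checks an administrator wants beside them: whether the certificate is self-signed (the mark of a root CA, see Figure 9-7) and whether it is currently inside its validity period.

```powershell
# Added example (not from the textbook): list the X.509 fields from the slide
# for certificates in the Trusted Root store. Assumes a Windows PowerShell
# session; the Cert: drive and the LocalMachine\Root store exist on every
# Windows host, so no lab-specific names are needed.
function Get-CertificateSummary {
    param(
        [Parameter(ValueFromPipeline=$true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    process {
        $fields = @(
            @{n='FormatVersion'; e={ $_.Version }}                           # 3 = X.509 v3
            @{n='SerialNumber';  e={ $_.SerialNumber }}                      # hex, unique per issuing CA
            @{n='SignatureAlg';  e={ $_.SignatureAlgorithm.FriendlyName }}   # e.g. sha256RSA
            @{n='Issuer';        e={ $_.Issuer }}                            # the CA that signed it
            @{n='ValidFrom';     e={ $_.NotBefore }}
            @{n='ValidTo';       e={ $_.NotAfter }}
            @{n='Holder';        e={ $_.Subject }}                           # ID of the certificate holder
            # Public key algorithm and the size of its DER encoding; this avoids
            # PublicKey.Key, which throws for key types the old CSP API cannot load.
            @{n='PublicKey';     e={ "$($_.PublicKey.Oid.FriendlyName), $($_.PublicKey.EncodedKeyValue.RawData.Length) bytes DER" }}
            # A root CA signs its own certificate, so Subject equals Issuer.
            @{n='SelfSigned';    e={ $_.Subject -eq $_.Issuer }}
            # Outside its validity window a certificate fails even if never revoked.
            @{n='InValidity';    e={ (Get-Date) -ge $_.NotBefore -and (Get-Date) -le $_.NotAfter }}
        )
        $Cert | Select-Object -Property $fields
    }
}

# Summaries for every trusted root, then the ones that have already expired
# (a trusted root past its NotAfter date is a cleanup item for the administrator).
Get-ChildItem Cert:\LocalMachine\Root | Get-CertificateSummary | Format-List
Get-ChildItem Cert:\LocalMachine\Root | Get-CertificateSummary |
    Where-Object { -not $_.InValidity } | Format-Table Holder, ValidTo -AutoSize
```

Point the pipeline at Cert:\LocalMachine\My or Cert:\CurrentUser\My to review the certificates a CA in this chapter issues to the server or the user.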
Using Active Directory Certificate Services (cont’d.)
• Active Directory Certificate Services role
  • Available in Windows Server 2008 Standard, Enterprise, and Datacenter Editions
• Online Responder Service
  • Determines the status of digital certificates
  • Uses the Online Certificate Status Protocol (OCSP) to obtain and decode status information
Planning Active Directory Certificate Services
• Understand the four kinds of CAs that can be set up in a Microsoft server environment
  • Enterprise root CA
  • Enterprise subordinate
  • Standalone root
  • Standalone subordinate
• The root CA is always configured before any other CAs

Planning Active Directory Certificate Services (cont’d.)
Figure 9-7 CA hierarchy (Courtesy Course Technology/Cengage Learning)

Planning Active Directory Certificate Services (cont’d.)
• Implement an enterprise root CA and enterprise subordinates
  • Rather than the standalone model
• Take into account the ways in which an organization can make the most use of AD CS
• A PKI with multiple subordinate CAs has built-in redundancy

Planning Active Directory Certificate Services (cont’d.)
• Role services for Active Directory Certificate Services:
  • Certificate Authority
  • Certification Authority Web Enrollment
  • Online Responder
  • Network Device Enrollment Service
Certificate Services Roles
• It is recommended that an organization divide the responsibilities for handling money and for important security tasks
• AD CS enables dividing CA responsibilities into two roles:
  • CA administrator
    • Person or persons who manage the CA server
  • Certificate manager
    • Given to those who determine which users to enroll for certificates and when to revoke certificates

Installing Active Directory Certificate Services
• Active Directory Certificate Services is installed in the same way as other server roles
  • Using Server Manager
• Activity 9-4: Installing Active Directory Certificate Services
  • Objective: Learn how to install Active Directory Certificate Services

Installing Active Directory Certificate Services (cont’d.)
Figure 9-8 Configuring an enterprise CA (Courtesy Course Technology/Cengage Learning)

Managing Active Directory Certificate Services
• Certification Authority tool tasks
  • Set up CA security
  • Assign certificate managers
  • Start or stop the CA
  • Back up the CA
  • Restore the CA
  • Renew a CA certificate
  • View revoked, issued, failed, and pending certificates

Managing Active Directory Certificate Services (cont’d.)
• Activity 9-5: Using the Certification Authority Tool
  • Objective: Learn how to use the Certification Authority tool

Figure 9-11 Security tab (Courtesy Course Technology/Cengage Learning)
Using Autoenrollment
• Clients are automatically enrolled for the appropriate certificates as specified by a certificate template
• Set up in a two-step process
  • Configure autoenrollment in a certificate template
  • Configure a group policy to enable autoenrollment
• Three levels of certificate templates
  • Level 1 does not support autoenrollment

Using Autoenrollment (cont’d.)
• Activity 9-6: Configuring a Certificate Template for Autoenrollment
  • Objective: Set up an existing certificate template for autoenrollment
• Activity 9-7: Configuring a Group Policy for Autoenrollment
  • Objective: Set up the autoenrollment group policy

Using Autoenrollment (cont’d.)
Figure 9-15 Configuring the autoenrollment policy (Courtesy Course Technology/Cengage Learning)
Using Credential Roaming
• When a user logs into the network
  • Digital certificate information stored on the user’s computer is automatically synchronized with the digital certificate information for that user stored in Active Directory
• Configured as a group policy

Using Credential Roaming (cont’d.)
• Circumstances that launch synchronization through credential roaming
  • When the client or Active Directory synchronizes group policy settings
  • When digital certificate information is updated
  • When a user unlocks an account that has been automatically locked

Using Credential Roaming (cont’d.)
• Activity 9-8: Configuring a Group Policy for Credential Roaming
  • Objective: Set up a group policy for credential roaming
Figure 9-16 Enabling credential roaming (Courtesy Course Technology/Cengage Learning)
Network Device Enrollment Service
• Enables routers, switches, and other network devices to be enrolled for digital certificates through a CA
• Uses the Simple Certificate Enrollment Protocol (SCEP) and standardized X.509 digital certificates

Web Enrollment Service
• For organizations that enable users to access network resources through the Web
  • Rather than through user accounts
• Requires that IIS be installed before installing Web Enrollment
• Clients must use Internet Explorer version 6 or higher
• Can be used only with Level 1 or Level 2 certificate templates
Online Responder Service
• The service relies on OCSP (Online Certificate Status Protocol)
  • Determines whether a certificate is revoked
• One of two ways network applications determine which network entities have revoked certificates
  • The other way is to use certificate revocation lists (CRLs)
• Benefits
  • Faster determination and better security
  • Can be used in conjunction with CRLs

Online Responder Service (cont’d.)
• Benefits (cont’d.)
  • Can be used with Kerberos password security
  • Compatible with Web enrollment
  • Uses the CryptoAPI 2.0 infrastructure to provide a high level of security

Certificate Revocation Lists
• List of certificates that have been revoked
• The CRL issuer is a CA
• The CRL is issued to client applications and devices, which cache the CRL for future reference until the next CRL is issued
• Default method for determining which certificates have been revoked

Figure 9-17 Extensions tab (Courtesy Course Technology/Cengage Learning)
Figure 9-18 Configuring the CRL publication interval and delta CRLs (Courtesy Course Technology/Cengage Learning)
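The two revocation mechanisms above, OCSP and CRLs, are what Windows CryptoAPI consults when it builds a certificate chain, and the Extensions tab of Figure 9-17 is where the CA publishes the URLs it consults. This added example, not from the textbook, shows both sides from a client: which CRL and OCSP locations a certificate advertises, and a chain build with revocation checking that treats "status unknown" (responder or CRL unreachable) as a failure rather than a pass. It assumes the certificate under test is the first one in the computer's Personal store.

```powershell
# Added example (not from the textbook): revocation checking from a client.
# Assumes a Windows PowerShell session and at least one certificate in
# Cert:\LocalMachine\My; nothing here is specific to the textbook's lab.
function Get-RevocationSources {
    # Where the CA says to look: CRL Distribution Points (OID 2.5.29.31) and
    # Authority Information Access (1.3.6.1.5.5.7.1.1), which carries the OCSP URL.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if (@('2.5.29.31', '1.3.6.1.5.5.7.1.1') -contains $ext.Oid.Value) {
            "{0}:`n{1}" -f $ext.Oid.FriendlyName, $ext.Format($true)
        }
    }
}

function Test-CertificateRevocation {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [switch]$Offline    # use only CRLs already cached; no CRL or OCSP download
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'   # check the CA certs as well
    $mode = 'Online'; if ($Offline) { $mode = 'Offline' }
    $chain.ChainPolicy.RevocationMode = $mode
    $chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
    $ok = $chain.Build($Cert)
    # ChainStatus holds every problem found. A revoked certificate sets Revoked;
    # an unreachable CRL or OCSP responder sets RevocationStatusUnknown and
    # OfflineRevocation. Unknown is reported separately so it is never read as a pass.
    $statuses = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    $result = New-Object PSObject -Property @{
        Subject  = $Cert.Subject
        ChainOK  = $ok
        Revoked  = ($statuses -contains 'Revoked')
        Unknown  = ($statuses -contains 'RevocationStatusUnknown')
        Problems = ($statuses -join ', ')
    }
    $chain.Reset()
    $result
}

$cert = Get-ChildItem Cert:\LocalMachine\My | Select-Object -First 1
if ($cert -eq $null) { throw 'No certificate found in Cert:\LocalMachine\My' }
Get-RevocationSources $cert
Test-CertificateRevocation $cert                 # CRL and OCSP, fetched as needed
Test-CertificateRevocation $cert -Offline        # cached CRL only: what a disconnected client sees
```

Running the offline variant right after a CA's CRL publication interval (Figure 9-18) has elapsed shows why clients that cache a CRL keep accepting a certificate until the next CRL is issued, which is the gap OCSP closes.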