Download
mcitp guide to microsoft windows server 2008 server administration exam 70 646 n.
Skip this Video
Loading SlideShow in 5 Seconds..
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) PowerPoint Presentation
Download Presentation
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646)

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646)

138 Views Download Presentation
Download Presentation

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646)

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 9 Deploying IIS and Active Directory Certificate Services

  2. Learning Objectives • Install, configure, and troubleshoot Microsoft Internet Information Services (IIS) • Install, configure, and troubleshoot Active Directory Certificate Services MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  3. Implementing Microsoft Internet Information Services • Internet Information Services (IIS) • Included with Windows Server 2008 • Offer a complete Web site • Benefits • Fast • Use of software applications to coordinate with an IIS server • Internet Server Application Programming Interface (ISAPI) • Group of DLL (dynamic link library) files that are applications and filters MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  4. Implementing Microsoft Internet Information Services (cont’d.) • Web Server (IIS) role • Contains the World Wide Web services which are vital for a Web site • File Transfer Protocol (FTP) service • TCP/IP-based application protocol that handles file transfers over a network • Simple Mail Transfer Protocol (SMTP) • Works with e-mail services to accept incoming e-mail from the Internet and forward it to the recipient MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  5. Implementing Microsoft Internet Information Services (cont’d.) • Reasons Windows Server 2008 is a good candidate for a Web server • Privileged-mode architecture • Fault-tolerance capabilities • Compatible with small and large databases • Users can log into a database through the IIS Open Database Connectivity (ODBC) drivers • Compatible with: • Microsoft Point-to-Point Encryption (MPPE) security • IP Security (IPsec) • Secure Sockets Layer (SSL) encryption technique MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  6. Implementing Microsoft Internet Information Services (cont’d.) • IIS newly designed for Windows Server 2008 • Broken into modules or features (role services) • Install only the features you need • Smaller attack surface • More efficient MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  7. Implementing Microsoft Internet Information Services (cont’d.) Table 9-1 Internet Information Services features (role services) MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  8. Installing a Web Server • Requirements • Windows Server 2008 installed on the computer to host IIS • TCP/IP installed on the IIS host • Access to an Internet Service Provider (ISP) • Sufficient disk space for IIS and for Web site files • Method for resolving IP addresses to computer or domain names • DNS and WINS MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  9. Installing a Web Server (cont’d.) • Activity 9-1: Installing IIS • Objective: Learn how to install IIS MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  10. Internet Information Services (IIS) Manager • Capabilities • Connect to a Web server • Manage a Web server • Manage ASP.NET • Manage authorization for users and for specific Web server roles • Manage Web server logging • Compress Web server files • Manage code modules and worker processes • Manage server certificates • Troubleshoot a Web server MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  11. Internet Information Services (IIS) Manager (cont’d.) Figure 9-1 Using IIS Manager Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  12. Creating a Virtual Directory • Virtual directory • Physical folder or a redirection to a Uniform Resource Locator (URL) that points to a folder • Can be accessed over the Internet, an intranet, or VPN • Reason for creating a virtual directory • Provide a shortcut path to specific IIS server content • Steps to set up a virtual directory MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  13. Creating a Virtual Directory (cont’d.) Table 9-2 Virtual directory security options MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  14. Creating a Virtual Directory (cont’d.) Figure 9-2 Properties of a virtual directory Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  15. Creating a Virtual Directory (cont’d.) • Set up the virtual directory to be shared • So that users who need access to add contents to the directory can do this over the network • Activity 9-2: Create a Virtual Directory • Objective: Set up a virtual directory MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  16. Creating a Virtual Directory (cont’d.) Table 9-3 Virtual directory share permissions MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  17. Figure 9-3 Creating a virtual directory Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  18. Managing and Configuring an IIS Web Server • Manage IIS components including: • Application pools • Group similar Web applications for management • Sites • Manage multiple Web sites from one administrative Web server • SMTP E-mail • Manage Internet e-mail • Certificates • Configure and monitor certificate security used with other Web sites MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  19. Managing and Configuring an IIS Web Server (cont’d.) Figure 9-5 Application Pools in IIS Manger Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  20. Managing and Configuring an IIS Web Server (cont’d.) Table 9-4 Web site features to configure MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  21. Managing and Configuring an IIS Web Server (cont’d.) • Activity 9-3: Configuring a Web Site • Objective: Learn basic Web site configuration Figure 9-6 Enabling directory browsing Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  22. Troubleshooting a Web Server Table 9-5 Troubleshooting IIS MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  23. Using Active Directory Certificate Services • Public key infrastructure (PKI) • Linking a public key or a combination of public and private keys to a user or network entity • Uses a certificate authority to issue public key-based digital certificates to trustworthy network entities • Certificate authority (CA) • Network entity or host that issues digital certificates of trust verifying certificate holders’ legitimacy MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  24. Using Active Directory Certificate Services (cont’d.) • Public key • Encryption method that uses a public key and private key combination • Asymmetric encryption • One key used to encrypt the data, and the other key used to decrypt it • Public key/private key method • Uses an encryption algorithm developed by Whitfield Diffie and Martin Hellman MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  25. Using Active Directory Certificate Services (cont’d.) • X.509 standards for digital certificates • Developed by International Organization for Standardization (ISO) • Function as proof of identity for a specific network entity MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  26. Using Active Directory Certificate Services (cont’d.) • X.509 certificate contains: • Certificate format version • Certificate serial number • Signature algorithm identifier • Certificate authority (certificate issuer) • Length of time the certificate is valid • ID of the certificate holder • Public key data MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  27. Using Active Directory Certificate Services (cont’d.) • Active Directory Certificate Services role • Available in Windows Server 2008 Standard, Enterprise, and Datacenter Editions • Online Responder Service • Determines the status of digital certifications • Uses the Online Certificate Status Protocol (OCSP) to obtain and decode status information MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  28. Planning Active Directory Certificate Services • Understand the four kinds of CAs that can be set up in a Microsoft server environment • Enterprise root CA • Enterprise subordinate • Standalone root • Standalone subordinate • Root CA is always configured before any other CAs MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  29. Planning Active Directory Certificate Services (cont’d.) Figure 9-7 CA hierarchy Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  30. Planning Active Directory Certificate Services (cont’d.) • Implement enterprise root CA and enterprise subordinates • Not standalone model • Take into account the ways in which an organization can make most use of AD CS • PKI with multiple subordinate CAs has built-in redundancy MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  31. Planning Active Directory Certificate Services (cont’d.) • Role services for Active Directory Certificate Services: • Certificate Authority • Certification Authority Web Enrollment • Online Responder • Network Device Enrollment service MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  32. Certificate Services Roles • Recommended to divide responsibilities for handling money and important security tasks in an organization • AD CS enables dividing CA responsibilities into two roles: • CA administrator • Person or persons who manage the CA server • Certificate manager • Given to those who determine which users to enroll for certificates and when to revoke certificates MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  33. Installing Active Directory Certificate Services • Active Directory Certificate Services installed in the same way as other server roles • Using Server Manager • Activity 9-4: Installing Active Directory Certificate Services • Objective: Learn how to install Active Directory Certificate Services MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  34. Installing Active Directory Certificate Services (cont’d.) Figure 9-8 Configuring an enterprise CA Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  35. Managing Active Directory Certificate Services • Certification Authority tool tasks • Set up CA security • Assign certificate managers • Start or stop the CA • Back up the CA • Restore the CA • Renew a CA certificate • View revoked, issued, failed, and pending certificates MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  36. Managing Active Directory Certificate Services (cont’d.) • Activity 9-5: Using the Certification Authority Tool • Objective: Learn how to use the Certification Authority tool MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  37. Figure 9-11 Security tab Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  38. Using Autoenrollment • Clients automatically enrolled for appropriate certificates as specified by certificate template • Set up in a two-step process • Configure autoenrollment in a certificate template • Configure a group policy to enable autoenrollment • Three levels of certificate templates • Level 1 does not support autoenrollment MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  39. Using Autoenrollment (cont’d.) • Activity 9-6: Configuring a Certificate Template for Autoenrollment • Objective: Set up an existing certificate template for autoenrollment • Activity 9-7: Configuring a Group Policy for Autoenrollment • Objective: Set up the autoenrollment group policy MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  40. Using Autoenrollment (cont’d.) Figure 9-15 Configuring the autoenrollment policy Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  41. Using Credential Roaming • When user logs into the network • Digital certificate information stored on the user’s computer is automatically synchronized with the digital certification information for that user stored in Active Directory • Configured as a group policy MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  42. Using Credential Roaming (cont’d.) • Circumstances that launch synchronization through credential roaming • When the client or Active Directory synchronize group policy settings • When digital certificate information is updated • When a user unlocks an account that has been automatically locked MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  43. Using Credential Roaming (cont’d.) • Activity 9-8: Configuring a Group Policy for Credential Roaming • Objective: Set up a group policy for credential roaming Figure 9-16 Enabling credential roaming Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  44. Network Device Enrollment Service • Enables routers, switches, and other network devices to be enrolled for digital certificates through a CA • Uses the Simple Certificate Enrollment Protocol (SCEP) and standardized X.509 digital certificates MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  45. Web Enrollment Service • For organizations that enable users to access network resources through the Web • Rather than through user accounts • Requires IIS be installed before installing Web Enrollment • Clients must use Internet Explorer version 6 or higher • Can be used only with Level 1 or 2 certificate templates MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  46. Online Responder Service • Service relies on OCSP (Online Certificate Status Protocol) • Determine if a certificate is revoked • One of two ways network applications determine which network entities have revoked certificates • Other way is to use certificate revocation lists (CRLs) • Benefits • Faster determination and better security • Can be used in conjunction with CRLs MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  47. Online Responder Service (cont’d.) • Benefits (cont’d.) • Can be used with Kerberos password security • Compatible with Web enrollment • Uses CryptoAPI 2.0 infrastructure to provide high level of security MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  48. Certificate Revocation Lists • List of certificates that have been revoked • CRL issuer is a CA • CRL issued to client applications and devices which cache the CRL for future reference until the next CRL is issued • Default method for determining certificates that have been revoked MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  49. Figure 9-17 Extensions tab Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)

  50. Figure 9-18 Configuring the CRL publication interval and delta CRLs Courtesy Course Technology/Cengage Learning MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)