OffSite Client File Access using WebDAV - PowerPoint PPT Presentation

Provided by: timro4


1
Off-Site Client File Access using WebDAV
  • Tim Rolston
  • College of Literature, Science & Arts
  • University of Michigan

2
University of Michigan, LSA
  • 20,000 undergraduate students
  • 68 Departments (Physics, Math, etc.)
  • 800 faculty
  • 1200 staff
  • 5000 Windows machines
  • Only about 3200 of them managed
  • Macs number about 500 now but are expected to
    grow to 1200 within 18 months.

3
Problems to be Solved
  • Desire for unified file space
  • Off campus access insecurity
  • Multiple options for connection
  • Cross platform file access
  • Can't guarantee software on Windows clients

4
Possible Options
  • Cutoff remote user access and implement
    SneakerNet
  • Open up access for SMB connections
  • Tell users to RDP in for data access
  • Virtual Private Networks
  • Traditional FTP publishing
  • WebDAV publishing

5
What We Did
  • Brought up a new Windows 2003 NLB Cluster
  • Made a domain-level DFS root hosted on the NLB
    pointing at existing file server resources
  • Installed IIS 6.0 and WebDAV on the NLB
  • Implemented SSH Secure Shell Server on the NLB
  • Implemented IPSec policies to block all traffic
    off campus except 22, 443 & 3389

6
What is WebDAV?
  • Web Distributed Authoring and Versioning. It is
    basically a method of publishing content to web
    servers.
  • It is an extension of the HTTP 1.1 Protocol
    standard which defines the exposing of any
    storage, such as a file system, over an HTTP
    connection. See RFCs 2518 and 3253.
  • Microsoft's implementation of WebDAV allows
    remote users to manage and work with files stored
    on an Internet Information Services (IIS) web
    server.

7
Advantages of Using WebDAV
  • No additional software to configure on the client
    side
  • Can be configured to use Secure Sockets Layer
    (SSL) encryption
  • Locking occurs when editing content on-the-fly
  • Native WebDAV file access for Macs and Linux
    Machines
  • As implemented, uses ports commonly present in
    firewall exception lists (443, 22)

8
More Advantages of Using WebDAV
  • By default, WebDAV uses the same port as HTTP
    (e.g., Port 80). If using SSL, the
    WebDAV-enabled Web site can be configured to use
    any port as long as the SSL port is 443.
  • Resources can be managed as if at the server by
    dragging and dropping files to copy or move them
    on the server, searching for text within files,
    and modifying the properties of files.

9
How It Works (The Basics)
  • WebDAV uses the standard HTTP/1.1 verbs GET and
    PUT, as well as the extended set of HTTP verbs
    which include the LOCK and PROPFIND methods
  • To publish Web content, a WebDAV-enabled web
    server (i.e., IIS) is used in conjunction with a
    WebDAV client such as Windows XP or Windows
    Server 2003. Both have integrated WebDAV clients
  • A physical Windows directory is created on the
    Web server for publishing, with appropriate NTFS
    permissions
  • A Web site, or virtual directory if using an
    existing web site, is configured to point to the
    above publishing directory and web permissions
    are set appropriately
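
The PROPFIND verb named above, shown as an added example that is not part of the original presentation: the request body a client sends (with a `Depth: 1` header) and a parser for the 207 Multi-Status reply. The `/files/` share, the file name and the sample reply are constructed, and no network connection is made.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

DAV = "{DAV:}"  # WebDAV XML namespace in ElementTree notation

# PROPFIND request body (RFC 2518); sent with "Depth: 1" to list a folder.
PROPFIND_BODY = ('<D:propfind xmlns:D="DAV:"><D:prop><D:resourcetype/>'
                 '<D:getcontentlength/><D:lockdiscovery/></D:prop></D:propfind>')

# Constructed 207 Multi-Status reply for a hypothetical /files/ share.
SAMPLE_MULTISTATUS = """<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
  <D:response>
    <D:href>/files/</D:href>
    <D:propstat><D:prop><D:resourcetype><D:collection/></D:resourcetype></D:prop>
      <D:status>HTTP/1.1 200 OK</D:status></D:propstat>
  </D:response>
  <D:response>
    <D:href>/files/budget%202005.xls</D:href>
    <D:propstat><D:prop><D:resourcetype/>
      <D:getcontentlength>48128</D:getcontentlength>
      <D:lockdiscovery><D:activelock><D:locktype><D:write/></D:locktype>
        </D:activelock></D:lockdiscovery></D:prop>
      <D:status>HTTP/1.1 200 OK</D:status></D:propstat>
  </D:response>
</D:multistatus>"""

def parse_multistatus(xml_text):
    """Return one dict per resource: path, is_dir, size, locked."""
    entries = []
    for resp in ET.fromstring(xml_text).iter(DAV + "response"):
        entry = {"path": unquote(resp.findtext(DAV + "href", "")),
                 "is_dir": False, "size": None, "locked": False}
        for propstat in resp.iter(DAV + "propstat"):
            # Only accept properties the server reported with a 2xx status.
            status = propstat.findtext(DAV + "status", "").split()
            prop = propstat.find(DAV + "prop")
            if prop is None or len(status) < 2 or not status[1].startswith("2"):
                continue
            entry["is_dir"] |= prop.find(f"{DAV}resourcetype/{DAV}collection") is not None
            size = prop.findtext(DAV + "getcontentlength")
            if size and size.strip().isdigit():
                entry["size"] = int(size)
            # An activelock element means another client holds a LOCK.
            entry["locked"] |= prop.find(f"{DAV}lockdiscovery/{DAV}activelock") is not None
        entries.append(entry)
    return entries
```
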

10
LSA Logical Server Map Overview

11
Off-Site Client Access Options
  • WebDAV
      • Connect as WebFolder with IE
      • Connect with entry in Network Places
      • Map a drive with something like WebDrive
  • SFTP
      • Connect with SFTP client
      • Map a drive with something like WebDrive

12
LSA File System Overview
  • Demo

13
Known Issues
  • You need Windows Server 2003 SP1 or KB842130
    patch
  • Access databases can't be opened remotely
  • Capable Applications commonly re-prompt for
    password
  • MacOS file store bug
  • MacOS no file extension bug

14
What Next?
  • Multi-Tier Model with HSM
  • The Good
      • Works with IE WebDAV connection
      • Works with graphical SFTP client
  • The Bad
      • Not yet tested with Macs/Linux

15
Questions?
  • Tim Rolston, MCSE
  • University of Michigan, College of Literature,
    Science and Arts
  • 1007 East Huron
  • Ann Arbor, Michigan
  • 48104
  • twrolsto_at_umich.edu