DESY WindowsNT WebServices

1
DESY WindowsNT Web-Services

• Henner Bartels
• DESY WindowsNT Group

2
Abstract

• I will present the DESY WindowsNT solution for
  providing web services to our NT community.
• As an example for web-based computing an intranet
  application scenario displaying our NT domain
  management tools will be reviewed.

3
Topics of Discussion

• Motivations for implementing NT-based
  web-services
• Implementation of our IIS-cluster
• Application design considerations
• NT domain management scenario

4
Motivations for Implementing NT-based Web-services

• Demands of the WindowsNT group
• Requests of DESY groups
• End-user support

5
Demands of the WindowsNT Group

• Increasing demands for web-based, cross-platform
  capable computing
• NT domain administration
• MS BackOffice family relies on services provided
  by IIS
• Exchange, Office, WebDAV
• MTS, MSMQ
• Simplified global collaboration and data exchange

6
Requests of DESY Groups

• Complex web sites needed without having to setup
  a dedicated web server
• None or minimal management overhead desired
• Server-side scripting (e.g. CGI, ASP)
• Access to other domain resources
• Secured and closed forums

7
Group Webs

• Group web spaces appear as sub-directories in the
  WindowsNT web
• Full server-side scripting support including
  Perl, VBScript and others
• Domain resources can be accessed using ActiveX,
  ADO, ADSI and MTS
• No management overhead
• No support for https (using NT ACLs)

8
End-User Support

• Personal web pages(e.g. www.desy.de/hbartels)
• Available to users with Unix accounts
• No solution for non-Unix users or those
  preferring to create content on NT without the
  hassle of file-transfer

9
Personal WebPages

• Now fully supported(e.g. desyntwww.desy.de/hbart
  els)
• Web content located in the user home directory
• No server-side scripting (security!)
• No support for https (using NT ACLs)
• A platform-independent solution is still pending

10
Implementation of Our IIS-cluster

• Key requirements
• Server configuration
• Cluster setup
• Data flow
• Manageability
• Drawbacks

11
Key Requirements

• Scalable and robust solution
• Simple to manage
• Highly integrated with MS BackOffice
• Security using SSL, NTFS
• Content stored where user and group data are
  located
• Server-side scripting using WSH

12
Server Configuration

• Compatible industry PC equipped with
• Pentium II running at 350 MHz
• 256 MB RAM
• 2 IDE Disks (mirrored, lt 1 GB used)
• 2 NICs (1 onboard / 1 PCI card)
• NT Enterprise Server, SP 5
• IIS, Index Server, related Hot-Fixes
• Active State Perl

13
Cluster Considerations

• To provide service reliability clustering
• technologies are employed
• MS Cluster Server (Wolf Pack)
• Fail-Over Server without load-balancing
• Requires (expensive) hardware
• Windows Load Balancing Service
• No Fail-Over
• IP-based load-balancing (up to 32 nodes)
• In case a node fails only those connections will
  have to reconnect

14
How WLBS Works

• Cluster NIC sharesIP address andMAC on all
  nodes
• Handles Clustertraffic and inboundconnections
• The dedicatedNIC manages theestablished
  connections

15
Cluster Setup
16
Data Flow
17
Manageability

• Cluster nodes can be managed using MS Management
  Console
• Configuration changes have to be replicated using
  scripts (ADSI)
• Management of Group Webs will be implemented
  using a web interface
• Setting / Removing IP restrictions
• Enabling / Disabling HTTPS
• Set directory access rights

18
Drawbacks

• IIS 4.0 is designed to store content on local
  disks
• Some ISAPI filters (e.g. .hqx) will not work
  properly
• FrontPage Server extensions can not be used
• When using HTTPS connections no ACL check is
  performed, however delegation is properly handled

19
Application Design Considerations

• Supported clients
• Client requirements
• Maintaining state information
• Using XML / XSL

20
Supported Clients

• Netscape 3
• Windows 3.11 (NICE)
• Netscape 4
• Standard Unix Browser
• Internet Explorer 4
• Standard(?) NT Browser
• Internet Explorer 5 is expected to be the next
  standard viewer on NT

21
Client Requirements

• To provide a visually appealing and
• dynamic environment clients have to
• support
• Frames
• At least JavaScript 1.1
• Layers (used in some applications)
• No Plug-Ins
• No Java /ActiveX

22
Maintaining State Information

• Use of Cookies
• Cookies are usually disabled
• Abuse URLs search part to communicate session
  state
• Difficult to maintain with static pages
• Interference when search part is used to
  transport queries or form data
• Use global JavaScript variables stored in
  top-level frame-set
• JavaScript has to be enabled

23
Using XML / XSL

• XML data and accompanying DTDs are used to
• Provide data used in multiple pages
• Store configuration information
• Markup data displayed by scripts
• XML data is processed on the server
• XSL will be used to transform data for clients
  with disabled scripting engines

24
NT Domain Management Scenario

• DESY requirements
• Commercial solutions
• Application design
• Remote scripting object
• Live demonstration

25
DESY Requirements (I)

• Computer and user management at DESY is handled
  by three groups
• User Consulting Office (UCO)
• Group administrators
• WindowsNT domain administrators
• Tasks and scope of authorization vary slightly
• Changes of user properties
• Removing a computer from the domain
• Creation of new groups

26
DESY Requirements (II)

• Setting of license-, inventory- and other
  management information
• Most of these tasks require elevated
• privileges, however the number of staff
• with administrative rights must be small

27
Commercial Solutions

• Commercial solutions (e.g. TEM) are providing
• Fine-grained control over the various NT
  management options
• NT based management clients
• They require time to setup and maintain proper
  configuration
• They do not come with a web-based client
• They can not be adopted to reflect site-specific
  or non-NT related tasks

28
Application Design

• We have implemented a framework that dynamically
  adopts to the privileges of the connecting user
• Different views exist for managing users, web
  configuration and miscellaneous tools
• Dynamic HTML, client and server-side scripting
  are providing an advanced and consistent user
  interface
• The DESY Scripting Host (DSH) is used to gather
  data and perform requested actions with the
  required privileges

29
Usage
30
Summary

• We have implemented an IIS-based web server using
  current clustering and load-balancing
  technologies
• We were able to show the availability of our
  solution by hosting multiple Group Webs over a
  period of several month
• Web-based applications have been successfully
  implemented and demonstrated no undesired
  behavior even after forcing cluster nodes to shut
  down

31
Next Steps

• Automation of cluster management
• Extending available tools
• Better modularization of components
• Migration to IIS 5.0
• Support for WebDAV