Windows Server 2008 R2 Unleashed (84 page)

.
Configuration Editor feature page—
This new page allows an administrator to

access and manage configuration files affiliated with sections such as server, site, or

application within IIS Manager.

.
IIS Manager Permissions feature page—
This feature page is used for managing

and provisioning IIS Manager users, Windows users, and members of Windows

groups that require access to a website or application.

Installing and Configuring FTP Services

It’s hard to find a person today who hasn’t used File Transfer Protocol (FTP). FTP can be

considered the backbone for transferring files to and from a website. The basic premise of

an FTP server is based on placing files in directories and allowing users to access or publish

information with an FTP client or an FTP-enabled web browser, such as Microsoft Internet

398

CHAPTER 12

Internet Information Services

Explorer 7.0. Depending on the placement of the FTP server, amateurs and professionals

alike can either upload or download data from the Internet or intranet.

In the past few releases of IIS, Microsoft did not place a tremendous amount of emphasis

on revamping the FTP service. As a result, the Windows FTP service has not been heavily

used by the IT community as organizations require strong security and native encryption;

however, things are about to change. With Windows Server 2008 R2, Microsoft listened to

the needs of its IT community and accordingly reengineered the FTP service for IIS. It is

now more robust, dependable, and it supports SSL for data encryption.

Now that we know that FTP has been revamped and enriched with many new features,

here comes the confusing stuff. Windows Server 2008 had two FTP servers. The first FTP

server was included with the installation of IIS 7.0 on Windows Server 2008. It was,

however, not installed by default and could be added as an FTP role service in Server

Manager. The FTP service offered here was “out of the box” and is essentially the exact

same FTP solution included with IIS 6.0. Essentially, this means it did not include any new

features and functionality. In addition, the Internet Information Services IIS (6.0) Manager

legacy tools were required to administer the FTP components, service, and properties.

The second FTP server was a new and improved secure FTP service, which included all

the new bells and whistles. Unfortunately, Microsoft ran out of time and did not have

the opportunity to finalize the new FTP service before going live with Windows Server

ptg

2008. Therefore, the product was stripped from the official release of Windows Server

2008 and was considered “out-of-band,” meaning it can be obtained as a separate down-

load from Microsoft.

With Windows Server 2008 R2, a new version of FTP Server services is included with the

product as an optional component to be installed with IIS 7.5. It is fully integrated and

can be managed with the same IIS 7.5 administrative interface. FTP Server Services with

IIS 7.5 includes extended support for new Internet standards, such as FTP over Secure

Sockets Layer (SSL), support for extended character sets by including UTF-8 support, and

support for IPv6.

Examining the New FTP 7.5 Server Service Features

Microsoft has made many improvements to the FTP 7.5 Service. First, the FTP 7.5 Service

has been completely rewritten from scratch. As a result, it is more secure and meets

today’s industry standards for publishing content in a secure fashion. The following is a

list of new features for the FTP 7.5 Service running on Windows Server 2008 R2:

. There is now tight integration with IIS 7.5 websites and IIS Manager.

. It supports today’s demanding security needs by supporting FTP over SSL.

. Organizations can now host multiple FTP sites with the same IP address, as the bind-

ings support host headers.

. Both web and FTP content can be hosted from the same site.

Installing and Configuring FTP Services

399

. UTF8, IPv6, and integration with other repositories such as SQL Server are supported.

. Improved logging and diagnostics are now available.

Microsoft certainly realizes FTP is not going away and is still the preferred method for

publishing content and exchanging large pieces of data between organizations. By rewrit-

12

ing the FTP service, utilizing Extensible Markup Language (XML) configuration files, and

providing secured FTP, the product now meets today’s industry FTP requirements out of

the box without the need to purchase third-party plug-ins.

Installing the FTP Server

Similar to the previous version of IIS, the FTP publishing service is not installed by default.

To add the FTP role service included with IIS 7.5 running on Windows Server 2008 R2,

perform the following steps in Server Manager:

1. Assuming the Web Server is already installed from the previous steps in this chapter,

in Server Manager, first expand the Roles node and then select Web Server (IIS).

2. Right-click the Web Server (IIS) node, and then select Add Role Services.

3. Select the following Web Server role services and subcomponents: FTP Server, FTP

ptg

Service, and FTP Extensibility, as displayed in Figure 12.9, and then click Next.

FIGURE 12.9

Selecting the FTP 7.5 features to install.

400

CHAPTER 12

Internet Information Services

4. On the Confirm Installation Selections page, review the FTP roles, services, and

features selected for installation, and then click Install to initiate the installation

process.

5. Ensure the installation succeeded by reviewing the messages on the Installation

Results page, and then click Close.

Creating a Secure FTP 7.5 Site Using SSL

With IIS 7.5, it is not only possible to create a new FTP site or add FTP publishing to an

existing website, but it is also possible to have both FTP and HTTP coexist. To create a new

FTP site, in addition to the Default FTP Site, do the following:

1. Select Start, All Programs, Administrative Tools, Internet Information Services (IIS)

Manager.

2. In the Connections pane, expand the IIS server, and then expand the Sites node

within the tree.

3. Right-Click Sites and select Add FTP Site.

4. Enter the FTP site name and specify the physical path for the FTP site you will use. If

needed, click the Connect As button to provide path credentials.

ptg

5. In the Binding section of the Binding and SSL Settings page, enter the IP address and

port of the FTP server.

6. From within the Binding and SSL Settings page, specify a certificate and select the

Require SSL option in the SSL section.

NOTE

When using SSL, an IIS 7.5 certificate should be created prior to these procedures. For

more information on creating an IIS 7.5 certificate, review the “Using SSL Certificates”

later in this chapter.

7. Select the Start FTP Site Automatically option, and click Next, as displayed in

Figure 12.10.

8. On the Authentication and Authorization Information page, specify how users will

authenticate to the site by choosing Anonymous or Basic in the Authentication

section.

9. In the Authorization section, specify who has authorization to the site by selecting

from the following: All Users, Anonymous Users, Specified Roles or Users Groups,

and, finally, Specified Users.

10. The final setting on the Authentication and Authorization Information page is the

Permissions section. Specify the permissions for the FTP site. You can choose from

Read and/or Write.

Installing and Configuring FTP Services

401

12

FIGURE 12.10

Setting the binding and SSL settings for FTP.

11. Review the settings, as illustrated in Figure 12.11, and then click Finish to finalize

the FTP site creation.

ptg

FIGURE 12.11

Specifying authentication and authorization settings for an FTP site.

Configuring the FTP 7.5 Features and Properties

The FTP Site Creation Wizard configures the basic settings for an FTP server; however,

there is still a need to configure more advanced settings or refine the original ones. Similar

to managing websites, you no longer manage property pages by right-clicking the site. The

new FTP feature icons have replaced the old style property FTP pages. The FTP feature

icons are installed during the installation process and are located in the Central Details

402

CHAPTER 12

Internet Information Services

pane, as shown in Figure 12.12. The new FTP features for configuring basic and advanced

FTP properties consist of the following:

. FTP Authentication

. FTP Authorization Rules

. FTP Current Sessions

. FTP Directory Browsing

. FTP Firewall Support

. FTP IPv4 and Domain Restrictions

. FTP Logging

. FTP Messages

. FTP Request Filtering

. FTP SSL Settings

. FTP User Isolation

ptg

FTP Authentication Feature Page

The FTP Authentication feature page is utilized to configure authentication methods for

FTP clients. By default, an FTP site does not have authentication configured and all mecha-

FIGURE 12.12

The FTP feature icons.

Installing and Configuring FTP Services

403

nisms are disabled out of the box. An administrator must grant the desired authentication

to the FTP site. The authentication mechanisms for FTP consist of the following items:

.
Anonymous Authentication—
This built-in authentication mechanism should be