DESY WindowsNT Web-Services
SLAC HEPNT / HEPIX Meeting October 4. - 8. 1999
Henner Bartels
DESY WindowsNT Group
Abstract
I will present the DESY WindowsNT solution for providing web services to our NT community.
As an example of web-based computing, an intranet application scenario displaying our NT domain management tools will be reviewed.
Topics of Discussion
  Motivations for implementing NT-based web-services
  Implementation of our IIS-cluster
  Application design considerations
  NT domain management scenario
Motivations for Implementing NT-based Web-services
  Demands of the WindowsNT group
  Requests of DESY groups
  End-user support
Demands of the WindowsNT Group
  Increasing demands for web-based, cross-platform capable computing
    NT domain administration
  MS BackOffice family relies on services provided by IIS
    Exchange, Office, WebDAV
    MTS, MSMQ
  Simplified global collaboration and data exchange
Requests of DESY Groups
  Complex web sites needed without having to set up a dedicated web server
  None or minimal management overhead desired
  Server-side scripting (e.g. CGI, ASP)
  Access to other domain resources
  Secured and closed forums
Group Webs
  Group web spaces appear as sub-directories in the WindowsNT web
  Full server-side scripting support including Perl, VBScript and others
  Domain resources can be accessed using ActiveX, ADO, ADSI and MTS
  No management overhead
  No support for https (using NT ACLs)
End-User Support
  Personal web pages (e.g. www.desy.de/~hbartels)
    Available to users with Unix accounts
  No solution for non-Unix users or those preferring to create content on NT without the hassle of file-transfer
Personal WebPages
  Now fully supported (e.g. desyntwww.desy.de/~hbartels)
  Web content located in the user home directory
  No server-side scripting (security!)
  No support for https (using NT ACLs)
  A platform-independent solution is still pending
Implementation of Our IIS-cluster
  Key requirements
  Server configuration
  Cluster setup
  Data flow
  Manageability
  Drawbacks
Key Requirements
  Scalable and robust solution
  Simple to manage
  Highly integrated with MS BackOffice
  Security using SSL, NTFS
  Content stored where user and group data are located
  Server-side scripting using WSH
Server Configuration
  Compatible industry PC equipped with:
    Pentium II running at 350 MHz
    256 MB RAM
    2 IDE Disks (mirrored, < 1 GB used)
    2 NICs (1 onboard / 1 PCI card)
  NT Enterprise Server, SP 5
  IIS, Index Server, related Hot-Fixes
  Active State Perl
Cluster Considerations
  To provide service reliability, clustering technologies are employed
  MS Cluster Server (Wolf Pack)
    Fail-Over Server without load-balancing
    Requires (expensive) hardware
  Windows Load Balancing Service
    No Fail-Over
    IP-based load-balancing (up to 32 nodes)
    In case a node fails only those connections will have to reconnect
How WLBS Works
  Cluster NIC shares IP address and MAC on all nodes
  Handles Cluster traffic and inbound connections
  The dedicated NIC manages the established connections
Cluster Setup
  [Diagram. Labels: DFS / Files / MTS / Node / Node / Switch / Hub]
Data Flow
  [Diagram. Labels: Switch / Hub / DFS / Files / MTS / Node / Node / Client]
Manageability
  Cluster nodes can be managed using MS Management Console
  Configuration changes have to be replicated using scripts (ADSI)
  Management of Group Webs will be implemented using a web interface
    Setting / Removing IP restrictions
    Enabling / Disabling HTTPS
    Set directory access rights
Drawbacks
  IIS 4.0 is designed to store content on local disks
  Some ISAPI filters (e.g. .hqx) will not work properly
  FrontPage Server extensions cannot be used
  When using HTTPS connections no ACL check is performed, however delegation is properly handled
Application Design Considerations
  Supported clients
  Client requirements
  Maintaining state information
  Using XML / XSL
Supported Clients
  Netscape 3
    Windows 3.11 (NICE)
  Netscape 4+
    Standard Unix Browser
  Internet Explorer 4+
    Standard(?) NT Browser
    Internet Explorer 5 is expected to be the next standard viewer on NT
Client Requirements
  To provide a visually appealing and dynamic environment clients have to support:
    Frames
    At least JavaScript 1.1
    Layers (used in some applications)
    No Plug-Ins
    No Java / ActiveX
Maintaining State Information
  Use of Cookies
    Cookies are usually disabled
  Abuse the URL search part to communicate session state
    Difficult to maintain with static pages
    Interference when search part is used to transport queries or form data
  Use global JavaScript variables stored in top-level frame-set
    JavaScript has to be enabled
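The URL search-part approach from this slide, as an added example that is not part of the original presentation: session state travels under one reserved parameter so it cannot collide with query or form data, and an HMAC tag lets the server reject state that a client has altered. The parameter name, the key, the function names and the HMAC check itself are assumptions of this example (Node.js).

```javascript
// Added example, not from the slides. STATE_PARAM, SECRET and the function
// names are assumptions made for illustration.
const { createHmac, timingSafeEqual } = require('node:crypto');

const STATE_PARAM = '_state';           // reserved key; no form field may use it
const SECRET = 'constructed-demo-key';  // constructed value; a server loads its own key

function sign(payload) {
  return createHmac('sha256', SECRET).update(payload).digest('base64url');
}

// Add session state to a link while leaving the page's own query untouched.
function withState(href, state) {
  const url = new URL(href, 'http://intranet.invalid/');
  const payload = Buffer.from(JSON.stringify(state)).toString('base64url');
  // set() also replaces any _state value that was already present in the link
  url.searchParams.set(STATE_PARAM, `${payload}.${sign(payload)}`);
  return url.pathname + url.search;
}

// Server side: separate session state from query/form data and verify it.
function readState(href) {
  const url = new URL(href, 'http://intranet.invalid/');
  const raw = url.searchParams.get(STATE_PARAM) || '';
  url.searchParams.delete(STATE_PARAM);
  const query = Object.fromEntries(url.searchParams);
  const [payload, tag = ''] = raw.split('.');
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(tag);
  // Constant-time comparison; a length mismatch is rejected before comparing
  const valid = given.length === expected.length && timingSafeEqual(given, expected);
  const state = valid ? JSON.parse(Buffer.from(payload, 'base64url').toString()) : null;
  return { state, query };
}

// Constructed sample: a search link that already carries a query and a page number.
const link = withState('/users.asp?q=smith&page=2', { view: 'users', group: 'uco' });
console.log(link);
console.log(readState(link));
```

State carried this way is still visible in server logs and Referer headers, so it should hold only values that are safe to disclose.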
Using XML / XSL
  XML data and accompanying DTDs are used to:
    Provide data used in multiple pages
    Store configuration information
    Markup data displayed by scripts
  XML data is processed on the server
  XSL will be used to transform data for clients with disabled scripting engines
NT Domain Management Scenario
  DESY requirements
  Commercial solutions
  Application design
  Remote scripting object
  Live demonstration
DESY Requirements (I)
  Computer and user management at DESY is handled by three groups
    User Consulting Office (UCO)
    Group administrators
    WindowsNT domain administrators
  Tasks and scope of authorization vary slightly
    Changes of user properties
    Removing a computer from the domain
    Creation of new groups
DESY Requirements (II)
  Setting of license-, inventory- and other management information
  Most of these tasks require elevated privileges, however the number of staff with administrative rights must be small
Commercial Solutions
  Commercial solutions (e.g. TEM) provide:
    Fine-grained control over the various NT management options
    NT based management clients
  They require time to set up and maintain proper configuration
  They do not come with a web-based client
  They cannot be adapted to reflect site-specific or non-NT related tasks
Application Design
  We have implemented a framework that dynamically adapts to the privileges of the connecting user
  Different views exist for managing users, web configuration and miscellaneous tools
  Dynamic HTML, client and server-side scripting provide an advanced and consistent user interface
  The DESY Scripting Host (DSH) is used to gather data and perform requested actions with the required privileges
Usage
Summary
  We have implemented an IIS-based web server using current clustering and load-balancing technologies
  We were able to show the availability of our solution by hosting multiple Group Webs over a period of several months
  Web-based applications have been successfully implemented and demonstrated no undesired behavior even after forcing cluster nodes to shut down
Next Steps
  Automation of cluster management
  Extending available tools
  Better modularization of components
  Migration to IIS 5.0
  Support for WebDAV