
Office Automation & Intranets


tara

Presentation Transcript


  1. Office Automation & Intranets • BUSS 909 • Lecture 8: Internet, Intranets and Extranets: Implementation and Management

  2. Notices (1) • Students must organise themselves into Teams in readiness for Assignment 3: • Each team must have 5 students, and must nominate a Team Leader (if necessary a 6th student may be allocated to a group) • Teams should, if possible, belong to the same Tutorial Class • Team membership must be emailed to me prior to Monday 7th September 12:30 (Week 9)

  3. Agenda • Web Servers • Installation • Performance • Maintenance • Security- Firewalls • Testing • Client-side Testing • Server-side Testing • Maintenance and Integration • Web Site Maintenance • Web Applications

  4. Web Server Installation

  5. Web Server Installation • set up of Web Servers may be non-trivial; the steps are likely to include: • installing a pre-compiled server- for example, HTTP Daemon Server (httpd) from NCSA • compilation of a server- to produce the required binaries • site specific configuration- for httpd you are required to adjust the contents of three files

  6. Web Server Installation • Installation of the Server- move the httpd server and its files and directories to the required locations before starting the Web Server • Starting the Server- servers can often be run in a prototyping mode for testing (inetd) or in a standalone mode for production

  7. Web Server Installation • Mapping URLs to Documents- when a URL does not include a directory path or a filename, the web server: • either returns the contents of a file called index.html • or, if that file does not exist, automatically generates a directory index (similar to ls -1) • Testing the Web Server- exercise the server via a browser; it should as a minimum provide an index.html

  8. Web Server Installation • Setting Up Home Pages- most often the entry point to a web server is a home page- home.html. Can have one or many depending on the number of sites being hosted • Delegating Document Tree Management- • discussion has assumed that a single user is using the web server • in reality content maintenance is the responsibility of an authoring community- rights to subdirectories etc

  9. Web Server Installation • Conventions for Public Access- • server names should start with www • use a CNAME alias record that maps the web server name to an actual system name • establish a so called webmaster alias- an email alias that people can use to send comments, tips on broken pointers etc. • use signatures on the bottom of HTML pages mounted on the web server- often implemented as Server Side Includes (SSIs)

  10. Web Server Installation • Announcing the Web Server: • there are no formal procedures for this • but there are well-established norms • send announcement message to the mailing list at www-announce@www0.cern.ch • post announcement message to www-request@info.cern.ch - a CERN moderated list of servers • send an announcement message to whatz-new@nsca.uiuc.edu - an NCSA moderated list

  11. Web Server Installation: Apache Web Server • Successful Installation!

  12. Web Server Performance • Source: Yeager & McGrath (1996)

  13. Web Server Performance: Document Distribution and Caching • each web server serves only one document tree (see L909-06.PPT) • web servers ‘expose’ a seamless view of information provided by the server, just as a web browser provides a seamless view of information on the web • the information provided by the server may actually be stored and organised in many different ways

  14. Web Server Performance: Document Distribution and Caching • the web server acts as a translator between a simple logical view of a document tree and the physical view of files stored on the server • users do not want to know the complex details of physical storage, but information providers must understand them • web servers can be configured to provide documents from a conceptually simpler ‘logical’ document tree rather than the complex ‘physical’ reality

  15. Mapping Logical URL to Physical Disk • Logical View of the Document Tree: /gargoyles, /metallica, /interactive • Physical View of the Document Tree: /groups/sculpture/gargoyle-project, /groups/sculpture/metallica-project, /groups/music/interactive-project • Rules: • MAP /gargoyles/* /groups/sculpture/gargoyle-project/* • MAP /metallica/* /groups/sculpture/metallica-project/* • MAP /interactive/* /groups/music/interactive-project/* • ALIAS is the name of the function within the Apache Server that provides mapping. • [Figure: logical and physical document trees, labelled gryphon; directory nodes include root, web, bin, usr, groups, temp, sculpture, graphics, music] • Source: Yeager & McGrath 1996, 180
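The MAP rules on slide 15 can be read as a prefix rewrite followed by a containment check. The following is an added example, not part of the original lecture or of any web server's code: the function name `resolve` and the rule table layout are assumptions, and the check is lexical only (it does not follow symbolic links on disk).

```python
import posixpath
from urllib.parse import unquote

# The three MAP rules from slide 15: logical URL prefix -> physical directory.
MAP_RULES = [
    ("/gargoyles/", "/groups/sculpture/gargoyle-project/"),
    ("/metallica/", "/groups/sculpture/metallica-project/"),
    ("/interactive/", "/groups/music/interactive-project/"),
]


def resolve(url_path, rules=MAP_RULES):
    """Translate a logical URL path into a physical path.

    Returns None when no rule applies or when the normalised result would
    fall outside the directory the matching rule maps to.
    """
    decoded = unquote(url_path)  # decode %2e%2e and similar before checking
    if "\x00" in decoded:
        return None
    for prefix, target in rules:
        if not decoded.startswith(prefix):
            continue
        remainder = decoded[len(prefix):]
        # Collapse "." and ".." segments so the comparison below is made on
        # the path the file system would actually be asked for.
        candidate = posixpath.normpath(posixpath.join(target, remainder))
        root = target.rstrip("/")
        if candidate == root or candidate.startswith(root + "/"):
            return candidate
        return None  # matched a rule but escaped its physical directory
    return None  # no logical-to-physical mapping for this URL


if __name__ == "__main__":
    # Constructed sample requests.
    for path in ("/gargoyles/images/a.gif",
                 "/gargoyles/../metallica/x.html",
                 "/gargoyles/%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(path, "->", resolve(path))
```

A request that matches a rule but normalises to a path outside that rule's directory is rejected rather than served from a neighbouring project.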

  16. Web Server Performance: Document Distribution and Caching • the information service provider may want the physical organisation as it is: • large servers may have thousands of documents to serve- more convenient to break documents into groups to store each separately • no single logical view will service all the needs of different users

  17. Web Server Performance: Document Distribution and Caching • for high throughput systems it may be necessary to reduce the load on the server- two ways to do this: • allocate part of the document tree to another server

  18. Web Server Maintenance

  19. Web Server Maintenance • Depending on the type and state of the web server, it may be necessary to enhance its capabilities by: • providing additional MIME types (Multimedia Extension) if necessary • Enabling Server-side includes- similar to include files in programming languages- however, they can include not only files but variables • Automatic Directory Indexing- insurance against users pointing to a directory URL rather than a file URL when no index.html exists

  20. Web Server Maintenance • Updating HTML Documents- don’t need to reboot the server, just lay the new documents over the existing ones • Managing/Analysing Log Files- on a daily/weekly basis the systems administrator should move or archive the log files to prevent them from growing too big- the process should be automated as part of standard backup procedures

  21. Web Server Maintenance • Moving Directory Structures- on occasion parts of the document tree need to be moved in order to cope with disk space constraints or a changing system environment • Mirroring Documents and Servers- mirror (duplicate) part of another host’s directory tree in order to speed up your server (fetch slow graphics overnight), or in order to spread your server’s load across another

  22. Web Server Security • Reading 24: Lodin & Schuba (1998)

  23. Web Server Security: Firewalls (1) • each company that connects to WWW provides new opportunities for crackers • the general solution to secure internal networks is to construct a guarded gateway called a firewall

  24. Web Server Security: Firewalls (2) • firewalls are the first defense against unwelcome visits to intranets and extranets • firewalls comprise software and/or hardware which collectively form a set of mechanisms that enforce secure communications for traffic entering or leaving a network domain

  25. Web Server Security: Firewalls (3) • firewalls have several different topologies (as we will show shortly) • in general, firewalls are located between the internal network and the internet • an estimated one third of all Internet connected machines are located behind firewalls (Liu et al 1994, 497)

  26. Web Server Security • firewalls prevent unauthorised access between networks • this implies that decisions have been made about what is allowed and disallowed across the firewall • the decisions are based on the security policy for the site

  27. Web Server Security • firewalls work by examining the IP packets that travel between the server and the client • this approach enables the control of information flow for each of the possible internet services: • by IP address • by port • in each direction

  28. Firewalls- Security (based on Lodin & Schuba 1998, 27) • [Figure: Outside (untrusted) Network, Firewall, LAN]

  29. Firewalls- Security • attempt to maintain privacy by protecting data that is entering or leaving a domain, by preventing • passive wiretapping- data eavesdropping • active wiretapping- data change • traffic outside the firewall or internal to the domain is not affected

  30. Firewalls- Security • firewalls guard intranets and extranets from an outside and therefore untrusted network • they may also guard parts of the internal intranet from other parts

  31. Firewalls- Security (based on Lodin & Schuba 1998, 27) • [Figure: Outside (untrusted) Network, two Firewalls, LAN A and LAN B; connections labelled a, b, c, d, d’, e] • LAN A and LAN B are parts of one organisation’s intranet • Firewalls control communication to (a), from (b), or through outside network, although they cannot control messages within the LANs or external connections through the outside network

  32. Firewalls- Security • can protect material within the domain- stored data, computational resources, and communication resources • can be guarded against unauthorised access, browsing, leaking, modification, insertion, and deletion- can protect against ‘denial of service type’ hacks

  33. Firewalls- Security • firewalls are generally applied to Transmission Control Protocol/Internet Protocol (TCP/IP) communications which are used in public Internet and private Intranets • controversies abound on the need for firewalls- even if they are deficient, they are a focus for computer security policy

  34. Firewalls- Security • security mechanisms employed by firewalls correspond to layers in the Open Systems Interconnection (OSI) model • OSI model views data communication in terms of movement through a series of layers (see L909-02.PPT) • 1 Physical Layer; 2 Data Link Layer; 3 Network Layer; 4 Transport Layer; 5 Session Layer; 6 Presentation Layer; 7 Application Layer

  35. OSI Model • [Figure: Layers 1 to 7 shown for the User Node, Intermediate Nodes and Host; labels include User Actions, Terminal Software or ROM Routines, Front-end or switching Node, Front-end Processor, Cluster Control Unit, Channel Devices, Protocols]

  36. Firewalls- Security • network address translation uses the network layer • Layer 3: Network Layer: causes the physical layer to transfer the frames from node to node • all seven layers in the model may employ cryptographic mechanisms

  37. Firewalls- Security • packet filtering mechanism operates primarily on network and transport layers • Layer 4: Transport Layer: enables user and host nodes to communicate with each other; synchronizes fast- and slow- speed equipment as well as overburdened and idle units

  38. Firewalls- Security • can impose overheads especially performance limitations (delays) on the throughput of the intranet • this is becoming less of a concern due to speed improvements with hardware (higher processing speeds) and software optimisations

  39. Firewalls- Security • specific operations supported by firewalls include: • packet filtering- a router allows/denies the passage of data after checking its header and contents based on security rules • network address translation (NAT)- hides internal addresses and network topology of the domain from outside users

  40. Firewalls- Security • circuit-level forwarding (low-level)- groups packets into connections. Inbound and outbound connections must connect to a proxy process before they can proceed. The proxy makes use of rules to determine whether the connection should be made. • application-level forwarding (higher-level)- firewalls can interpret data in packets in accordance with protocols and security rules

  41. Firewalls- Security • cryptographic mechanisms- enciphering or deciphering of messages using a secret code. There are many different types of cryptographic mechanisms around. • Internet Engineering Task Force for the IP security (IPsec) protocols
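Slides 27 and 39 describe packet filtering as a decision made per packet on IP address, port and direction, according to the site's security rules. The following is an added example, not part of the original lecture or of any firewall product: the rule layout, the first-match-wins ordering, the default-deny fallback and all addresses (documentation ranges) are assumptions chosen for illustration, and the filter is stateless.

```python
import ipaddress
from collections import namedtuple

# dport None means "any destination port".
Rule = namedtuple("Rule", "action direction src dst dport")
Packet = namedtuple("Packet", "direction src dst dport")

# Constructed policy: one public web server, everything else inbound blocked,
# internal hosts may reach outside web and DNS services.
POLICY = [
    Rule("allow", "in", "0.0.0.0/0", "192.0.2.10/32", 80),
    Rule("deny", "in", "0.0.0.0/0", "192.0.2.0/24", None),
    Rule("allow", "out", "192.0.2.0/24", "0.0.0.0/0", 80),
    Rule("allow", "out", "192.0.2.0/24", "0.0.0.0/0", 53),
]


def matches(rule, pkt):
    """True when direction, both addresses and the port all satisfy the rule."""
    return (rule.direction == pkt.direction
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))


def decide(pkt, policy=POLICY):
    """Return (action, rule_index); unmatched packets are denied."""
    for index, rule in enumerate(policy):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None  # default deny: the policy lists what is allowed


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        Packet("in", "203.0.113.5", "192.0.2.10", 80),
        Packet("in", "203.0.113.5", "192.0.2.10", 23),
        Packet("out", "192.0.2.20", "198.51.100.7", 25),
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

Returning the index of the rule that fired makes each decision traceable to a line of the policy, which is what a log review or rule audit needs.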

  42. Web Applications

  43. Web Applications • a number of companies are implementing ‘mission-critical’ web based applications • these applications generally utilise databases • attempt at developing closer alliances with customers, suppliers, partners, and employees

  44. Web Applications • sophisticated web applications must support complex Internet/intranet system configuration • systems level hardware/software, and networking products must work together • software elements: JAVA applets, Microsoft Active X controls, CGI scripts, SQL code

  45. Web Applications: System Configuration: Logical View • [Figure: Client Workstations with Web Browsers, Firewall, Production Web Server, Development Web Server, Application Server, Database Server, Mainframe Database]

  46. Web Applications • In terms of complexity, complex web applications are therefore no different to traditional systems development projects • web-based application components must be thoroughly tested to ensure that they are reliable, defect-free, and meet their original design purposes

  47. Web Applications: Client-side Components • Browser Specific Objects: display text, images, backgrounds • Standard Windows GUI Objects: control buttons, edit fields, list boxes, radio buttons, checkboxes, cursor, pull-down menus, dialog boxes, forms • Multimedia Objects: audio streams, video streams, VRML plug-ins • Procedural Logic (Client or Server): Java Code, Javascripts, Active X controls, procedural logic coded with various proprietary scripting languages • Special HTML Extension Objects: tables, frames • Navigational Objects: text links, image links, image map links • [Slide legend: NetObjects Support check marks]

  48. Web Applications: Server-side Components • Firewall: prevents unauthorised access to Intranet; implements security policy and ‘stance’ for Web Applications • Application Server: provides special purpose applications necessary to support a web application; generally invoked by passing a request from a CGI script • Database Server: provides database access for a web application; implemented using SQL commands; must support the database needs of a large number of potential users • Mainframe Database: central repository for all data in the organisation; Database Server provides a view on the necessary subsets of this central repository data • Web Server: Production- serves HTML/XML web pages; runs CGI scripts to provide added functions to web applications; Development- handles an internal representation of pages in a web application • [Slide legend: NetObjects Support check and cross marks]

  49. Client-side Testing

  50. Client-side Testing: Browser & Desktop • Browser compatibility testing • application operates correctly and consistently on different types of browsers (see Reading #22, Berghel 1996) • Desktop configuration testing • verifies that the client-side operates consistently on different client desktop machines with different configurations
