Office Automation & Intranets BUSS 909 Lecture 8 Internet, Intranets and Extranets: Implementation and Management
Notices (1) • Students must organise themselves into Teams in readiness for Assignment 3: • Each team must have 5 students, and must nominate a Team Leader (if necessary a 6th student may be allocated to a group) • Teams should, if possible, belong to the same Tutorial Class • Team membership must be emailed to me prior to Monday 7th September 12:30 (Week 9)
Agenda • Web Servers • Installation • Performance • Maintenance • Security- Firewalls • Testing • Client-side Testing • Server-side Testing • Maintenance and Integration • Web Site Maintenance • Web Applications
Web Server Installation • set up of Web Servers may be non-trivial; the steps are likely to include: • installing a pre-compiled server- for example, HTTP Daemon Server (httpd) from NCSA • compilation of a server- to produce the required binaries • site specific configuration- for httpd you are required to adjust the contents of three files
Web Server Installation • Installation of the Server- move the httpd server and its files and directories to the required locations before starting the Web Server • Starting the Server- servers can often be run in a prototyping mode for testing (inetd) or in a standalone mode for production
Web Server Installation • Mapping URLs to Documents- when a URL does not include a directory path or a filename, the web server: • either returns the contents of a file called index.html • or, if that file does not exist, automatically generates a directory index (similar to ls -1) • Testing the Web Server- exercise the server via a browser; it should as a minimum provide an index.html
Web Server Installation • Setting Up Home Pages- most often the entry point to a web server is a home page- home.html. Can have one or many depending on the number of sites being hosted • Delegating Document Tree Management- • discussion has assumed that a single user is using the web server • in reality content maintenance is the responsibility of an authoring community- rights to subdirectories etc
Web Server Installation • Conventions for Public Access- • server names should start with www • use a CNAME alias record that maps the web server name to an actual system name • establish a so called webmaster alias- an email alias that people can use to send comments, tips on broken pointers etc. • use signatures on the bottom of HTML pages mounted on the web server- often implemented as Server Side Includes (SSIs)
Web Server Installation • Announcing the Web Server: • there are no formal procedures for this • but there are well-established norms • send announcement message to the mailing list at www-announce@www0.cern.ch • post announcement message to www-request@info.cern.ch - a CERN moderated list of servers • send an announcement message to whatz-new@nsca.uiuc.edu - an NCSA moderated list
Web Server Installation • Apache Web Server- Successful Installation!
Web Server Performance- Document Distribution and Caching • each web server serves only one document tree (see L909-06.PPT) • web servers ‘expose’ a seamless view of information provided by the server, just as a web browser provides a seamless view of information on the web • the information provided by the server may actually be stored and organised in many different ways
Web Server Performance- Document Distribution and Caching • the web server acts as a translator between a simple logical view of a document tree and the physical view of files stored on the server • users do not want to know the complex details of physical storage but information providers must understand this • web servers can be configured to provide documents from a conceptually simpler ‘logical’ document tree rather than the complex ‘physical’ reality
Mapping Logical URL to Physical Disk
Logical View of the Document Tree / Physical View of the Document Tree:
• /gargoyles maps to /groups/sculpture/gargoyle-project
• /metallica maps to /groups/sculpture/metallica-project
• /interactive maps to /groups/music/interactive-project
Rules:
MAP /gargoyles/* /groups/sculpture/gargoyle-project/*
MAP /metallica/* /groups/sculpture/metallica-project/*
MAP /interactive/* /groups/music/interactive-project/*
[Figure: Logical View of the Document Tree and Physical View of the Document Tree; node labels: root, web, bin, usr, groups, temp, sculpture, graphics, music, gryphon, gargoyle, metallica, interactive, gargoyle-project, metallica-project, interactive-project]
ALIAS is the name of the function within the Apache Server that provides mapping. Source: Yeager & McGrath 1996, 180
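The MAP rules on this slide, applied in code. This is an added example, not taken from the lecture or from Yeager & McGrath; the function name `resolve` and the normalisation check are assumptions about how a server should apply such rules so that a logical URL can never resolve outside its mapped directory.

```python
import posixpath

# MAP rules as shown on the slide: logical URL prefix -> physical directory.
MAP_RULES = [
    ("/gargoyles/", "/groups/sculpture/gargoyle-project/"),
    ("/metallica/", "/groups/sculpture/metallica-project/"),
    ("/interactive/", "/groups/music/interactive-project/"),
]


def resolve(url_path, rules=MAP_RULES):
    """Translate a logical URL path into a physical path, or return None.

    Hypothetical helper: the first rule whose logical prefix matches wins.
    The remainder is joined to the physical root and normalised, and the
    result must still lie under that root, so "../" segments or an embedded
    absolute path cannot reach files outside the mapped directory.
    """
    if not url_path.startswith("/") or "\x00" in url_path:
        return None
    for logical, physical in rules:
        if url_path.startswith(logical):
            rest = url_path[len(logical):]
            candidate = posixpath.normpath(posixpath.join(physical, rest))
            root = physical.rstrip("/")
            if candidate == root or candidate.startswith(root + "/"):
                return candidate
            return None  # request escaped the mapped tree
    return None  # no rule: nothing outside the logical view is served
```

Paths such as /usr or /bin in the physical tree have no MAP rule, so they are never reachable through the logical view.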
Web Server Performance- Document Distribution and Caching • the information service provider may want the physical organisation as it is: • large servers may have thousands of documents to serve- more convenient to break documents into groups to store each separately • no single logical view will service all the needs of different users
Web Server Performance- Document Distribution and Caching • for high throughput systems it may be necessary to reduce the load on the server- two ways to do this: • allocate part of the document tree to another server
Web Server Maintenance • Depending on the type and state of the web server, it may be necessary to enhance its capabilities by: • providing additional MIME types (Multimedia Extension) if necessary • Enabling Server-side includes- similar to include files in programming languages- however, they can include not only files but variables • Automatic Directory Indexing- insurance against users pointing to a directory URL rather than a file URL when no index.html exists
Web Server Maintenance • Updating HTML Documents- don’t need to reboot the server, just lay the new documents over the existing ones • Managing/Analysing Log Files- on a daily/weekly basis the systems administrator should move or archive the log files to prevent them from growing too big- the process should be automated as part of standard backup procedures
Web Server Maintenance • Moving Directory Structures- on occasion parts of the document tree need to be moved in order to cope with disk space constraints or a changing system environment • Mirroring Documents and Servers- mirror (duplicate) part of another host’s directory tree in order to speed up your server (fetch slow graphics overnight), or in order to spread your server’s load across another
Web Server Security- Firewalls (1) • each company that connects to WWW provides new opportunities for crackers • the general solution to secure internal networks is to construct a guarded gateway called a firewall
Web Server Security- Firewalls (2) • firewalls are the first defense against unwelcome visits to intranets and extranets • firewalls comprise software and/or hardware which collectively form a set of mechanisms that enforce secure communications traffic entering or leaving a network domain
Web Server Security- Firewalls (3) • firewalls have several different topologies (as we will show shortly) • in general, firewalls are located between the internal network and the internet • an estimated one third of all Internet connected machines are located behind firewalls (Liu et al 1994, 497)
Web Server Security • firewalls prevent unauthorised access between networks • it implies that decisions have been made about what is allowed and disallowed across the firewall • the decisions are based on the security policy for the site
Web Server Security • firewalls work by examining the IP packets that travel between the server and the client • this approach enables the control of information flow for each of the possible internet services: • by IP address • by port • in each direction
Firewalls- Security • [Figure: Outside (untrusted) Network, Firewall, LAN (based on Lodin & Schuba 1998, 27)]
Firewalls- Security • attempt to maintain privacy by protecting data that is entering or leaving a domain, by preventing • passive wiretapping- data eavesdropping • active wiretapping- data change • traffic outside the firewall or internal to the domain is not affected
Firewalls- Security • firewalls guard intranets and extranets from an outside and therefore untrusted network • they may also guard parts of the internal intranet from other parts
Firewalls- Security • [Figure: Outside (untrusted) Network, two Firewalls, LAN A and LAN B, with paths labelled a, b, c, d, d’ and e (based on Lodin & Schuba 1998, 27)] • LAN A and LAN B are parts of one organisation’s intranet • Firewalls control communication to (a), from (b), or through outside network, although they cannot control messages within the LANs or external connections through the outside network
Firewalls- Security • can protect material within the domain- stored data, computational resources, and communication resources • can be guarded against unauthorised access, browsing, leaking, modification, insertion, and deletion- can protect against ‘denial of service type’ hacks
Firewalls- Security • firewalls are generally applied to Transmission Control Protocol/Internet Protocol (TCP/IP) communications, which are used in the public Internet and private Intranets • controversies abound on the need for firewalls- even if they are deficient, they are a focus for computer security policy
Firewalls- Security • security mechanisms employed by firewalls correspond to layers in the Open Systems Interconnection (OSI) model • OSI model views data communication in terms of movement through a series of layers (see L909-02.PPT) • 1 Physical Layer; 2 Data Link Layer; 3 Network Layer; 4 Transport Layer; 5 Session Layer; 6 Presentation Layer; 7 Application Layer
OSI Model • [Figure: OSI Model, Layers 1 to 7 shown for the User Node, the Intermediate Nodes and the Host]
Firewalls- Security • network address translation uses the network layer • Layer 3: Network Layer: causes the physical layer to transfer the frames from node to node • all seven layers in the model may employ cryptographic mechanisms
Firewalls- Security • packet filtering mechanism operates primarily on network and transport layers • Layer 4: Transport Layer: enables user and host nodes to communicate with each other; synchronizes fast- and slow- speed equipment as well as overburdened and idle units
Firewalls- Security • can impose overheads especially performance limitations (delays) on the throughput of the intranet • this is becoming less of a concern due to speed improvements with hardware (higher processing speeds) and software optimisations
Firewalls- Security • specific operations supported by firewalls include: • packet filtering- a router allows/denies the passage of data after checking its header and contents based on security rules • network address translation (NAT)- hides internal addresses and network topology of the domain from outside users
Firewalls- Security • circuit-level forwarding (low-level)- groups packets into connections. Inbound and outbound connections must connect to a proxy process before they can proceed. The proxy makes use of rules to determine whether the connection should be made. • application-level forwarding (higher-level)- firewalls can interpret data in packets in accordance with protocols and security rules
Firewalls- Security • cryptographic mechanisms- enciphering or deciphering of messages using a secret code. There are many different types of cryptographic mechanisms around. Internet Engineering Task Force for the IP security (IPsec) protocols
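The network address translation (NAT) operation listed above, sketched as a port-translating table. This is an added example, not part of the lecture; the class `SourceNat`, its method names, the starting port and all addresses are constructed for illustration.

```python
class SourceNat:
    """Hypothetical port-translating NAT table for one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (int_ip, int_port, dst_ip, dst_port) -> public port
        self.in_map = {}   # (public port, remote ip, remote port) -> internal end

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet so only the public address is visible."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the internal (ip, port) for a reply, or None to drop it.

        Only traffic that answers an existing outbound mapping is translated
        back; anything else has no internal destination at all.
        """
        return self.in_map.get((dst_port, src_ip, src_port))


def demo():
    """Constructed exchange: two internal hosts talk to one outside server."""
    nat = SourceNat("203.0.113.1")
    first = nat.outbound("10.0.0.5", 51000, "198.51.100.7", 80)
    second = nat.outbound("10.0.0.6", 51000, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, first[1])
    unsolicited = nat.inbound("198.51.100.99", 80, first[1])
    return first, second, reply, unsolicited
```

The outside server sees both internal hosts as the same public address on different ports, which is how the internal addresses and topology stay hidden.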
Web Applications • a number of companies are implementing ‘mission-critical’ web based applications • these applications generally utilise databases • attempt at developing closer alliances with customers, suppliers, partners, and employees
Web Applications • sophisticated web applications must support complex Internet/intranet system configuration • systems level hardware/software, and networking products must work together • software elements: JAVA applets, Microsoft Active X controls, CGI scripts, SQL code
Web Applications- System Configuration: Logical View • [Figure: Client Workstations with Web Browsers, Production Web Server, Development Web Server, Application Server, Firewall, Database Server, Mainframe Database]
Web Applications • In terms of complexity, complex web applications are therefore no different to traditional systems development projects • web-based application components must be thoroughly tested to ensure that they are reliable, defect-free, and meet their original design purposes
Web Applications- Client-side Components • Multimedia Objects • Procedural Logic (Client or Server) • Standard Windows GUI Objects • Browser Specific Objects • display text • images • backgrounds • control buttons • edit fields • list boxes • radio buttons • checkboxes • cursor • pull-down menus • dialog boxes • forms • audio streams • video streams • VRML plug-ins • Java Code • Javascripts • Active X controls • procedural logic coded with various proprietary scripting languages • Special HTML Extension Objects • tables • frames • Navigational Objects • text links • image links • image map links • [Legend: NetObjects Support]
Web Applications- Server-side Components • [Legend: NetObjects Support]
Firewall • Prevents unauthorised access to Intranet • Implements security policy and ‘stance’ for Web Applications
Application Server • provides special purpose applications necessary to support a web application • generally invoked by passing a request from a CGI script
Database Server • provides database access for a web application • implemented using SQL commands • must support the database needs of a large number of potential users
Mainframe Database • Central repository for all data in the organisation • Database Server provides a view on the necessary subsets of this central repository data
Web Server • Production • Serves HTML/XML web pages • runs CGI scripts to provide added functions to web applications • Development • handles an internal representation of pages in a web application
Client-side Testing- Browser & Desktop • Browser compatibility testing • application operates correctly and consistently on different types of browsers (see Reading #22, Berghel 1996) • Desktop configuration testing • verifies that the client-side operates consistently on different client desktop machines with different configurations