Two interfaces for remotely controlling your Web servers
When you think "distributed computing," you probably picture distributing a task's workload among different servers. But if you're running from computer to computer to mirror administrative changes on multiple servers in an enterprise Web farm, your enterprise isn't truly distributed. In a truly distributed enterprise, you should also be able to distribute management tasks.
IIS 5.0 offers two remote administration options: the Microsoft Management Console (MMC) Internet Information Services snap-in and the Internet Services Manager (HTML) tool. Both tools are capable but have limitations. To choose the best tool for your situation, you need to know each tool's functionality and drawbacks.
Configuring the Internet Information Services Snap-in
The Internet Information Services snap-in is installed by default when you install IIS. To verify the snap-in's installation, open the Control Panel Add/Remove Programs applet and click Add/Remove Windows Components. Select the Internet Information Services Snap-in check box, click Details, then verify that the Internet Information Services Snap-in check box is selected. After installation, you access the Internet Information Services console by clicking Start, Programs, Administrative Tools, then double-clicking the Internet Services Manager icon.
You can open MMC in either of two modes: user mode or author mode. The primary difference between user mode and author mode is the extent to which you can change the appearance of an MMC console.
User mode. By default, when you double-click the Internet Services Manager icon in the Administrative Tools folder, MMC opens in user mode. This mode has limited permissions to change the look of the Internet Information Services console. For example, you can't add other snap-ins (e.g., the MMC Indexing Service snap-in) to the Internet Information Services console.
Author mode. Author mode lets you change the look of MMC consoles as well as add and delete snap-ins. To open MMC in author mode, you can right-click the Internet Services Manager icon and select Author. Alternatively, you can use the /a switch at a command prompt, as in the following example:
mmc /a %systemroot%\system32inetsrv\iis.msc
The iis.msc part of the sample command specifies the file that retains the Internet Information Services console's configuration information (e.g., what snap-ins to open with).
When MMC is in author mode, you can easily add snap-ins to the Internet Information Services console. For example, to add the Indexing Service snap-in, simply open the Internet Information Services console, then choose Console, Add/Remove Snap-in. From the Standalone tab of the Add/Remove Snap-in dialog box, select Internet Information Services, then click Add. In the Add Standalone Snap-in dialog box, select the Indexing Service snap-in, then click Next to select which machine you want to manage: the local computer or the remote computer. Click Finish, click Close, then click OK.
If your enterprise consists of many servers running Microsoft Indexing Service, you might want to add an Indexing Service snap-in for each server. Then, when you need to remotely manage another server that's running Indexing Service (or any other service that has a snap-in), you can add the Indexing Service snap-in for that server.
Using MMC to Manage IIS Remotely
Use MMC for remote administration in intranet configurations when your Web servers use domain or Active Directory (AD) resources. Figure 1 shows MMC configured to manage IIS and Indexing Service on the remote machine LEONBR2000. Notice that the local machine (chumba) is preceded by an asterisk (*), whereas the remote machine has a different icon and is preceded by a double backslash (\\) to signify a network location. Managing a remote machine through MMC is no different from managing the local box: The property pages for the remote box and the local machine are identical.
Because managing remote IIS machines is so easy with MMC, you might wonder what prevents malicious users from connecting to your IIS server and doing whatever they please. Ideally, your IIS machine is behind a firewall and you access it through a VPN (the setup of which is beyond the scope of this article). But even without firewalls and VPNs, remote administration isn't as simple as it seems on the surface. Windows 2000 is a secure OS, and only users in the Administrators group can fully administer IIS (either locally or remotely). Operators can perform some administrative tasks, but these tasks are limited to simple management actions such as changing logging options for a site or setting the content-expiration time. (For information about designating operators for your IIS sites, see Brett Hill, IIS Informant, "Delegating Operator Privileges to Web Masters," February 2002, InstantDoc ID 23578.)
When connecting to the remote machine in MMC, Windows automatically establishes the connection in the security context of the user who's running MMC. For example, if a user logs on to a domain as DOMAIN\Leonbr, the connection with the target server is established in the security context of the DOMAIN\Leonbr user. The connection succeeds only when the user has Operator permissions or is a member of the Administrators group.
Previous
)
Register
Anonymous User June 09, 2005 (Article Rating: