SolutionBase: Managing virtual servers with IIS Manager in Windows Server 2003

Manage virtual servers in IIS 6.0 using IIS Manager.

In human beings, multiple personality disorder (MPD) manifests itself as different "people" living within one person. One personality may be outgoing, while another may be shy. The personalities are distinct enough that they are almost separate entities in and of themselves within one physical body.

IIS 6.0 in Windows Server 2003 supports virtual servers, which is a bit like having its own form of MPD that network administrators can use to positive effect. When IIS is configured to support virtual servers, you can host multiple Web sites, FTP sites, and SMTP servers—all inside the same server on the same operating system. Each site can have unique content and security. Using virtual servers can allow you more flexibility in serving end users, while also minimizing hardware costs. You administer virtual servers in IIS using IIS Manager.

What is IIS Manager?
IIS Manager is the MMC console snap-in that enables you to manage virtual Web services on a Windows Server 2003 computer. You can manage the following with IIS Manager:
  • Application pools—An application pool links one or more applications to a set of one or more worker processes. Application pools provide process isolation for Web services, resulting in improved performance and reliability. You use IIS Manager to create application pools and configure their properties, such as process recycling, virtual memory limits, shutdown, CPU monitoring, and many others.
  • Virtual Web servers—IIS can host multiple virtual Web servers. IIS Manager provides the interface through which you create virtual server instances, create virtual directories for virtual servers, and set all of the properties for the site and its virtual directory such as security, authentication, home directory, permissions, and many others.
  • Web service extensions—In a move toward better security, Microsoft essentially locked down IIS in a default installation. You use IIS Manager to configure whether Web services such as Active Server Pages, WebDAV, unknown CGI extensions, and others are allowed to run on the server. A default installation includes several extensions, and you can add other Web service extensions as needed.
  • Virtual FTP servers—IIS can host multiple FTP virtual servers. You use IIS Manager to create FTP virtual servers and configure all of their properties, including folder location, virtual directories, authentication and security, and many others.
  • Virtual SMTP servers—Windows Server 2003 includes an SMTP service that enables a Windows Server 2003 computer to function as an SMTP server. The SMTP service can be used to send outgoing mail or to receive mail locally. The SMTP service works in conjunction with the POP3 service or Exchange Server to provide full mail server capability for Windows Server 2003. You use IIS Manager to create SMTP virtual servers and configure their settings, such as port, access restrictions, authentication, relay restrictions, and many other properties. Note that on an Exchange Server, you manage SMTP virtual servers with Exchange Server Manager rather than IIS Manager.
  • Virtual NNTP servers—The Network News Transport Protocol (NNTP) service in Windows Server 2003 enables you to host public or private newsgroups. You might host support newsgroups for your customers, for example, or pull from public news servers to provide a local cache of certain newsgroups for your users.

By default IIS Manager provides access to the local IIS services, but you can use it to manage IIS services on remote servers, as well. For the purposes of this Daily Drill Down, we'll investigate IIS Manager's Virtual Server capabilities.

Default SMTP Virtual Server
The Default SMTP Virtual Server branch in the IIS Manager console tree pane contains the configuration for the default virtual SMTP server that IIS creates when you install the SMTP service. This branch contains two items:
  • Domains—SMTP domains provide a means for organizing messages for delivery. The SMTP service allows for two types of domains, local and remote. A local domain is a DNS domain handled by the SMTP service and for which messages are delivered locally to a Drop folder on the server. There is a single default local domain that is used to stamp message headers that have no domain specified. You can create multiple aliases for the default local domain. Remote domains are located on other servers and the SMTP service looks up the remote domains in DNS to attempt delivery. Settings for the remote domain in the SMTP virtual server enable you to specify authentication or other requirements for connecting to the remote domain's server.
  • Current Sessions—This branch shows current sessions with other SMTP servers.

Properties for the virtual server
As with other objects and virtual servers in IIS Manager, you configure an SMTP virtual server through the property sheet for the server. Click the server, then click the Properties toolbar button. You'll then see the screen shown in Figure A.

Figure A
The properties for an SMTP virtual server

Tabs on this screen include:
  • General—Use this tab to specify the IP address and port on which the virtual server will respond. You can also limit the number of concurrent connections to the server, set a connection timeout, and configure logging.
  • Access—This tab configures access and relay settings. Click the Authentication button to choose the authentication methods supported by the virtual server for connections by other SMTP servers and mail clients. The Secure Communication group on this tab lets you request and assign a server certificate to the virtual server for SSL and configure SSL properties. Click Connection on this tab to configure a list of individual addresses, subnets, or domains to be allowed or denied access to the server. Click Relay to specify individual IP addresses, subnets, or domains that are either allowed or denied the capability to relay through the virtual server. You can also configure the virtual server to allow all authenticated users to relay regardless of the allow/deny list.
  • Messages—On this tab you configure messaging limits including maximum message size, session size, number of messages per connection, number of recipients per message, the location of the bad mail directory (for undeliverable messages), and the address to which non-delivery reports (NDRs) are optionally copied (typically the postmaster or administrator account).
  • Delivery—This tab specifies options that control how the SMTP service attempts to deliver messages, whether locally or to remote SMTP servers. Several options here configure retry frequency, delay notification, and expiration timeout. Click Outbound Security to specify the authentication methods to be used for outgoing SMTP connections to other servers. Click Outbound Connections to set a limit on the number of concurrent outbound connections, connection timeout, number of connections allowed per domain, and the connection port. Click Advanced to set to set a variety of advanced settings that set the FQDN identity of the server, specify an SMTP smart host to which the local server will attempt message delivery, enable reverse DNS lookup, and other advanced properties.
  • LDAP Routing—Use this tab to configure the virtual server to use Lightweight Directory Access Protocol (LDAP) to resolve sender and recipient addresses. The tab includes settings that define the LDAP server, the LDAP search base, schema type, and other properties that define the LDAP query structure and related parameters.
  • Security—Use this tab to specify users and groups that can serve as server operators for the SMTP virtual server. Operators can make configuration changes to the virtual server.

SMTP service wizards
The SMTP service offers two wizards to assist in server configuration. The first is the New SMTP Virtual Server Wizard, which helps you set up a new virtual SMTP server. To run the wizard, right-click the server in the console tree pane and choose New, then SMTP Virtual Server. This wizard prompts for the server name as it will appear in IIS Manager, the IP address on which the server will respond, the home directory for the SMTP content (for bad mail, incoming messages, etc.), and the default domain for the virtual server. After adding the server you can fine-tune its properties as needed.

The New SMTP Domain Wizard helps you set up a new remote domain or a new alias for an existing local domain. If you choose to create a remote domain, the wizard prompts for the domain name. Otherwise, the wizard prompts for the alias name for the default local domain.

Default NNTP Virtual Server
The Network News Transport Protocol (NNTP) is the standard protocol for Internet news servers. The NNTP service in IIS enables you to create multiple NNTP virtual servers to host newsgroups, whether private or public. If hosting public newsgroups, you can configure the server to pull a news feed from another server.

When you add the NNTP service, Setup adds a Default NNTP Virtual Server to the server and this server appears in IIS Manager. The virtual server includes four items in the console tree pane, as seen in Figure B.

Figure B
The Default NNTP Virtual Server is created when you add the NNTP service.

These items include:
  • Newsgroups—The virtual server by default includes three control newsgroups that support client creation and removal of newsgroups. These newsgroups appear in the Newsgroups branch. Other newsgroups added by the administrator or by clients also appear in this branch.
  • Expiration Policies—This branch lists the virtual server's expiration policies, which define when messages expire and are deleted from the server. An expiration policy includes the newsgroups to which the policy applies and the number of hours a message will remain on the server. There are no expiration policies by default.
  • Virtual Directories—An NNTP virtual directory links an alias with a physical storage location for newsgroup content. Virtual directories provide a means for you to organize disk utilization without affecting the way clients see the NNTP newsgroup hierarchy. For example, you might maintain the support newsgroups for a particular product on one disk and the newsgroups for a different product on a different disk. The virtual directory path that clients use remains the same regardless of the physical location of the content. For example, you can change the location where the newsgroups are stored, but clients can continue to access the newsgroups through the newsgroup alias.
  • Current Sessions—This branch shows current news client connections to the virtual server.

NNTP virtual server properties
As with the other virtual server types in IIS, you configure an NNTP virtual server through its property sheet (click the virtual server, then click the Properties toolbar button). You'll then see the screen shown in Figure C.

Figure C
The properties for an NNTP virtual server

The NNTP virtual server's properties include four tabs:
  • General—On this tab, configure the IP address, TCP port, and SSL port on which the server will respond. You can also limit the number of concurrent connections to the virtual server, connection timeout, the string used in the path line for each new post, and logging settings.
  • Access—Click Authentication on this tab to specify the authentication methods to be supported for client connections to the virtual server. Click Certificate to request or assign a server certificate for SSL connections and to configure SSL properties. Click Connection to create a list to allow or deny client connections based on individual IP address, subnet, or domain.
  • Settings—This tab includes a variety of settings that control posting options, the use of control messages for automatic actions such as creating or removing newsgroups, the capability for other servers to pull news from the virtual server or post news feeds to it, the ability to set the SMTP server and default domain for moderated newsgroups, and the mail account to which NDRs are sent. If you specify a default domain for moderated newsgroups, messages for news postings in newsgroups that have no specified moderator are sent to newsgroup_name@default_domain, where newsgroup_name is the name of the target newsgroup and default_domain is the domain you specified on the Settings tab.
  • Security—Use this tab to grant operator permissions for the NNTP virtual server to users or groups. Operators can modify the virtual server's properties.

NNTP virtual server wizard
IIS Manager includes four wizards to help with setting up a virtual server and configuring newsgroups, expiration policies, and virtual directories. The New NNTP Virtual Server Wizard prompts for the following to create a new virtual server:
  • Name—This is the name for the virtual server as it appears in IIS Manager.
  • IP address—Specify the IP address on which the server will respond to NNTP protocol requests.
  • TCP port—Specify the TCP port on which the virtual server will respond to NNTP protocol requests.
  • Internal files path—This is the local path for control and other global files.
  • Storage medium—Specify that the virtual server will use either the local file system or a remote share to store newsgroup content.
  • News content path—Specify the path where the newsgroup content will be stored.

The New Newsgroup Wizard helps you set up a new newsgroup. This wizard prompts for the newsgroup name (such as, a description to appear in IIS Manager, and a pretty name. The pretty name is an optional description for the newsgroup that is sent to the client when the client uses the LIST PRETTYNAMES command to retrieve these descriptions. After you create the newsgroup, you can use its property sheet (Figure D).

Figure D
Use the property sheet for a newsgroup to configure additional settings.

Properties you can set include:
  • Description—This is the description that appears for the newsgroup in IIS Manager.
  • Pretty name—This is an optional description for clients.
  • Read only—This option allows only the designated moderator to post messages to the newsgroup.
  • Moderated—Choose this option to set the newsgroup as moderated. Messages are sent to a specified e-mail address for approval before posting.
  • Moderator—Set the e-mail address for the newsgroup moderator.
  • Set Default—Click this button to specify that the newsgroup name be pre-pended to the default domain name specified in the NNTP virtual server properties (Settings tab) and used as the moderator e-mail address for the newsgroup.

Expiration policies
Use the New NNTP Expiration Policy Wizard to create a new message expiration policy. The wizard prompts for a policy name, the newsgroups to which the policy applies, and the number of hours that messages will remain on the server before being removed. Double-click an existing policy and click Add to display the Add Newsgroup dialog box (Figure E), in which you can specify a newsgroup to include or exclude from the expiration policy.

Figure E
You can include or exclude additional newsgroups in the policy.

Virtual directories
The New NNTP Virtual Directory Wizard helps you set up virtual directories for the virtual server. The wizard prompts for the virtual directory subtree (such as, whether the directory is stored on the local file system or a remote share, and the path to the newsgroup content. You can double-click a virtual directory in the Virtual Directories container to view and set its properties (Figure F). This property sheet lets you specify whether or not messages can be posted to the newsgroup, restrict newsgroup visibility to only those users with the necessary permissions in the target folder, log access to the newsgroup, and index the newsgroup's messages using the Indexing Service.

Figure F
You can configure a handful of properties for a virtual directory.

Performing common tasks for IIS
Now that you are familiar with IIS Manager, you're ready to start creating and managing virtual Web servers. Table A lists common IIS virtual server management tasks and how to accomplish them.
Table A
Task Action
Create a new FTP virtual server Right-click FTP Sites, choose New, FTP Site to start the wizard.
Add an FTP virtual directory Right-click the FTP site and choose New, Virtual Directory.
Add a Web site virtual directory Right-click the Web site and choose New, Virtual Directory.
Add a virtual directory to a Web site Right-click the site and choose New, Virtual Directory.
Configure the SMTP virtual server Click the server and click the Properties toolbar button.
Configure NNTP virtual server Click the server and click the Properties toolbar button.