DESY WindowsNT Web-Services Henner Bartels DESY WindowsNT Group SLAC HEPNT / HEPIX Meeting October 4.


DESY WindowsNT Web-Services
Henner Bartels
DESY WindowsNT Group
SLAC HEPNT / HEPIX Meeting
October 4. - 8. 1999

Abstract

I will present the DESY WindowsNT solution for providing web services to our NT community. As an example of web-based computing, an intranet application scenario displaying our NT domain management tools will be reviewed.

Topics of Discussion

- Motivations for implementing NT-based web-services
- Implementation of our IIS-cluster
- Application design considerations
- NT domain management scenario

Motivations for Implementing NT-based Web-services

- Demands of the WindowsNT group
- Requests of DESY groups
- End-user support

Demands of the WindowsNT Group

- Increasing demands for web-based, cross-platform capable computing
- NT domain administration
- MS BackOffice family relies on services provided by IIS
  - Exchange, Office, WebDAV
  - MTS, MSMQ
- Simplified global collaboration and data exchange

Requests of DESY Groups

- Complex web sites needed without having to set up a dedicated web server
- No or minimal management overhead desired
- Server-side scripting (e.g. CGI, ASP)
- Access to other domain resources
- Secured and closed forums

Group Webs

- Group web spaces appear as subdirectories in the WindowsNT web
- Full server-side scripting support including Perl, VBScript and others
- Domain resources can be accessed using ActiveX, ADO, ADSI and MTS
- No management overhead
- No support for https (using NT ACLs)

End-User Support

- Personal web pages (e.g. www.desy.de/~hbartels)
  - Available to users with Unix accounts
  - No solution for non-Unix users or those preferring to create content on NT without the hassle of file-transfer

Personal WebPages

- Now fully supported (e.g. desyntwww.desy.de/~hbartels)
- Web content located in the user home directory
- No server-side scripting (security!)
- No support for https (using NT ACLs)
- A platform-independent solution is still pending

Implementation of Our IIS-cluster

- Key requirements
- Server configuration
- Cluster setup
- Data flow
- Manageability
- Drawbacks

Key Requirements

- Scalable and robust solution
- Simple to manage
- Highly integrated with MS BackOffice
- Security using SSL, NTFS
- Content stored where user and group data are located
- Server-side scripting using WSH

Server Configuration

- Compatible industry PC equipped with:
  - Pentium II running at 350 MHz
  - 256 MB RAM
  - 2 IDE Disks (mirrored, < 1 GB used)
  - 2 NICs (1 onboard / 1 PCI card)
- NT Enterprise Server, SP 5
- IIS, Index Server, related Hot-Fixes
- Active State Perl

Cluster Considerations

To provide service reliability, clustering technologies are employed:

- MS Cluster Server (Wolf Pack)
  - Fail-Over Server without load-balancing
  - Requires (expensive) hardware
- Windows Load Balancing Service
  - No Fail-Over
  - IP-based load-balancing (up to 32 nodes)
  - In case a node fails only those connections will have to reconnect

How WLBS Works

- Cluster NIC shares IP address and MAC on all nodes
- Handles Cluster traffic and inbound connections
- The dedicated NIC manages the established connections

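A simplified model of the behaviour described on the two slides above, added here as an illustration and not taken from the talk or from WLBS itself: because the cluster NIC shares one IP address and MAC, every node sees every inbound connection and decides locally whether to accept it. The rendezvous-hash rule, the node names and the client addresses are assumptions, chosen so that a node failure displaces only that node's clients.

```javascript
// Every node sees each inbound connection on the shared cluster IP/MAC and
// runs the same filter; there is no central dispatcher.
// ASSUMPTION: the ownership rule below (rendezvous hashing) is a stand-in,
// not the algorithm WLBS actually uses.

// FNV-1a 32-bit hash, so all nodes compute identical scores without coordination.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// Owner = live node with the highest score for this client
// (ties go to the alphabetically first node name).
function ownerOf(clientIp, liveNodes) {
  let best = null, bestScore = -1;
  for (const node of [...liveNodes].sort()) {
    const s = fnv1a(`${node}|${clientIp}`);
    if (s > bestScore) { best = node; bestScore = s; }
  }
  return best;
}

// The filter each node applies on its own to a connection it sees.
function nodeAccepts(self, clientIp, liveNodes) {
  return ownerOf(clientIp, liveNodes) === self;
}

// Clients whose owner changes (and who must reconnect) when `failed` drops out.
function displacedClients(clients, nodes, failed) {
  const survivors = nodes.filter(n => n !== failed);
  return clients.filter(c => ownerOf(c, nodes) !== ownerOf(c, survivors));
}

// Constructed sample data: hypothetical node names, documentation address range.
const NODES = ['node1', 'node2', 'node3'];
const CLIENTS = Array.from({ length: 40 }, (_, i) => `192.0.2.${i + 1}`);

const moved = displacedClients(CLIENTS, NODES, 'node2');
console.log(`${moved.length} of ${CLIENTS.length} clients reconnect after node2 fails`);
```
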
Cluster Setup

[Diagram: Switch, Hub, two cluster Nodes, DFS, Files, MTS]

Data Flow

[Diagram: Client, Switch, Hub, two cluster Nodes, DFS, Files, MTS]

Manageability

- Cluster nodes can be managed using MS Management Console
- Configuration changes have to be replicated using scripts (ADSI)
- Management of Group Webs will be implemented using a web interface
  - Setting / Removing IP restrictions
  - Enabling / Disabling HTTPS
  - Set directory access rights

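Since every node answers on the shared cluster address, a Group Web setting that was changed on one node but not replicated is enforced for only some clients. A consistency check over the three settings listed above, added here as an example and not part of the DESY tooling; the snapshot layout, key names and sample values are constructed, and reading them from each node (for instance via ADSI) is assumed to happen elsewhere.

```javascript
// Constructed per-node snapshots of Group Web settings (hypothetical names).
// ipAllow: [] means "no IP restriction configured".
const SNAPSHOTS = {
  node1: {
    '/groupA': { ipAllow: ['192.0.2.0/24'], https: true, acl: ['GroupA-Members:R'] },
    '/groupB': { ipAllow: [], https: false, acl: ['Everyone:R'] },
  },
  node2: {
    '/groupA': { ipAllow: [], https: true, acl: ['GroupA-Members:R'] }, // restriction not replicated
    '/groupB': { ipAllow: [], https: false, acl: ['Everyone:R'] },
  },
  node3: {
    '/groupA': { ipAllow: ['192.0.2.0/24'], https: true, acl: ['GroupA-Members:R'] },
    // '/groupB' was never created on this node
  },
};

const SETTINGS = ['ipAllow', 'https', 'acl'];

// Order-insensitive canonical form, so list order alone is not reported as drift.
function canonical(value) {
  return JSON.stringify(Array.isArray(value) ? [...value].sort() : value);
}

// Compare every node against the reference node and list each deviation.
function findDrift(snapshots, referenceNode) {
  const reference = snapshots[referenceNode];
  const findings = [];
  for (const [node, webs] of Object.entries(snapshots)) {
    if (node === referenceNode) continue;
    for (const web of new Set([...Object.keys(reference), ...Object.keys(webs)])) {
      if (!(web in webs) || !(web in reference)) {
        findings.push({ node, web, setting: '*', issue: web in webs ? 'unexpected' : 'missing' });
        continue;
      }
      for (const s of SETTINGS) {
        if (canonical(webs[web][s]) !== canonical(reference[web][s])) {
          findings.push({ node, web, setting: s, issue: 'differs' });
        }
      }
    }
  }
  return findings;
}

for (const f of findDrift(SNAPSHOTS, 'node1')) {
  console.log(`${f.node} ${f.web} ${f.setting}: ${f.issue}`);
}
```
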
Drawbacks

- IIS 4.0 is designed to store content on local disks
  - Some ISAPI filters (e.g. .hqx) will not work properly
  - FrontPage Server extensions cannot be used
- When using HTTPS connections no ACL check is performed; however, delegation is properly handled

Application Design Considerations

- Supported clients
- Client requirements
- Maintaining state information
- Using XML / XSL

Supported Clients

- Netscape 3
  - Windows 3.11 (NICE)
- Netscape 4+
  - Standard Unix Browser
- Internet Explorer 4+
  - Standard(?) NT Browser
  - Internet Explorer 5 is expected to be the next standard viewer on NT

Client Requirements

To provide a visually appealing and dynamic environment, clients have to support:

- Frames
- At least JavaScript 1.1
- Layers (used in some applications)
- No Plug-Ins
- No Java / ActiveX

Maintaining State Information

- Use of Cookies
  - Cookies are usually disabled
- Abuse the URL search part to communicate session state
  - Difficult to maintain with static pages
  - Interference when search part is used to transport queries or form data
- Use global JavaScript variables stored in top-level frame-set
  - JavaScript has to be enabled

Using XML / XSL

- XML data and accompanying DTDs are used to:
  - Provide data used in multiple pages
  - Store configuration information
  - Mark up data displayed by scripts
- XML data is processed on the server
- XSL will be used to transform data for clients with disabled scripting engines

NT Domain Management Scenario

- DESY requirements
- Commercial solutions
- Application design
- Remote scripting object
- Live demonstration

DESY Requirements (I)

- Computer and user management at DESY is handled by three groups
  - User Consulting Office (UCO)
  - Group administrators
  - WindowsNT domain administrators
- Tasks and scope of authorization vary slightly
  - Changes of user properties
  - Removing a computer from the domain
  - Creation of new groups

DESY Requirements (II)

- Setting of license-, inventory- and other management information
- Most of these tasks require elevated privileges; however, the number of staff with administrative rights must be small

Commercial Solutions

- Commercial solutions (e.g. TEM) provide:
  - Fine-grained control over the various NT management options
  - NT-based management clients
- They require time to set up and maintain proper configuration
- They do not come with a web-based client
- They cannot be adapted to reflect site-specific or non-NT related tasks

Application Design

- We have implemented a framework that dynamically adapts to the privileges of the connecting user
- Different views exist for managing users, web configuration and miscellaneous tools
- Dynamic HTML, client and server-side scripting provide an advanced and consistent user interface
- The DESY Scripting Host (DSH) is used to gather data and perform requested actions with the required privileges

Usage
Summary

- We have implemented an IIS-based web server using current clustering and load-balancing technologies
- We were able to show the availability of our solution by hosting multiple Group Webs over a period of several months
- Web-based applications have been successfully implemented and demonstrated no undesired behavior even after forcing cluster nodes to shut down

Next Steps

- Automation of cluster management
- Extending available tools
- Better modularization of components
- Migration to IIS 5.0
- Support for WebDAV