لطفا منتظر باشید ...
Configuring IIS 6.0
After migrating the Web site content, configuration, and Apache-specific extensions, you must further configure IIS to allow proper operation of the Web sites. This post-migration configuration of IIS ensures that your Web sites run as they did on Apache before they were migrated to IIS 6.0.Figure 7.9 illustrates the process for configuring IIS 6.0 after completing the migration of the Web sites from Apache.
Figure 7.9: Configuring IIS 6.0 After Migration
Configuring Web Service Extensions
Many Web sites and applications that you migrate have extended functionality beyond static pages, including the ability to generate dynamic content. Any request handlers, such as Perl and CGI, that extend IIS functionality beyond serving static pages are known as Web service extensions. Web service extensions allow you to enable and disable the serving of dynamic content and easily determine the content types on the Web server that can initiate code.
If you installed IIS 6.0 as described in "Installing and Configuring IIS 6.0" earlier in this chapter, all Web service extensions are disabled by default. If you used another method, such as using Manage Your Server, the configuration of IIS might be different.Enabling all Web service extensions ensures the highest possible compatibility with your Web sites. However, enabling all Web service extensions creates a security risk because it increases the attack surface of IIS by enabling functionality that might be unnecessary for your server.Web service extensions allow you to enable and disable the serving of dynamic content. MIME types allow you to enable and disable the serving of static content. For more information about enabling and disabling the serving of static content, see "Configuring MIME Types" later in this chapter.
| Tip | If the appropriate Web service extension is not enabled, the Web server returns a 404 error when attempting to serve the dynamic content. |
Configure the Web service extensions by completing the following steps:
Enable the essential predefined Web service extensions based on the information in Table 7.9.
Web Service Extension | Enable When |
|---|---|
Active Server Pages | Enable this extension when one or more of the Web sites or applications contains ASP content. |
ASP.NET version 1.1.4322 | Enable this extension when one or more of the Web sites or applications contains ASP.NET content. |
FrontPage Server Extensions 2002 | Enable this extension when one or more of the Web sites are FrontPage extended. |
Internet Data Connector | Enable this extension when one or more of the Web sites or applications uses the Internet Data Connector (IDC) to display database information (content includes .idc and .idx files). |
Server-Side Includes | Enable this extension when one or more of the Web sites uses server-side include (SSI) directives to instruct the Web server to insert various types of content into a Web page. |
WebDav | Enable this extension when you want to support Web Distributed Authoring and Versioning (WebDAV) on the Web server, but it is not recommended for dedicated Web servers. |
| Important | Enable only the Web service extensions that are required by the migrated Apache Web sites. |
For each Web service extension used by your applications that is not a one of the default Web service extensions, add a new entry to the Web service extensions list and configure the status of the new entry to Allowed.
For information about how to add a Web server extension to the list, see "Configure Web Service Extensions" in "IIS Deployment Procedures" in this book.
Use a Web browser on a client computer to verify that the Web sites and applications run on the server.
Configuring MIME Types
IIS serves only static files with extensions registered in the Multipurpose Internet Mail Extensions (MIME) types list. IIS is preconfigured to recognize a default set of global MIME types, which are recognized by all configured Web sites. You can define MIME types at the Web site and directory levels, independent of one another or the types defined globally. IIS also allows you to change, remove, or configure additional MIME types. For any static content file extensions used by the Web sites hosted by IIS that are not defined in the MIME types list, you must create a corresponding MIME type entry.The Apache to IIS 6.0 Migration Tool migrates the MIME types for the Apache Web sites; however, you must add any MIME types for content that was added earlier in the Apache migration process by completing the following steps:
For each static file type used by your Web site, ensure that an entry exists in the MIME types list.When your application uses the standard MIME types included in IIS 6.0 or the MIME types migrated by the Apache to IIS 6.0 Migration Tool, no new MIME type entries are required. However, if you added new static content in earlier in the Apache migration process, then add the new MIME types. For information about how to add a MIME type to the MIME types list, see "Configure MIME Types" in "IIS Deployment Procedures" in this book.
Use a Web browser on a client computer to verify that the Web sites and applications run on the server.
Configuring Web Site Properties
After the Apache Web sites are migrated, they run in a configuration that approximates their configuration on the Apache Web server. All of the Web sites run in the default application pool with the default security identity, NetworkService. In this configuration, the Web sites do not take advantage of the enhanced security and availability of IIS 6.0.
You can further configure the Web sites to provide the following:
Improved security. In many cases, you can improve the security of the Web sites by isolating and running each one with unique identities. For more information about improving the security of the Web sites, see "Securing Web Sites and Applications" in this book.
Enhanced availability. In many cases, you can to improve the availability of your Web sites. For more information about improving the availability of your Web sites, see "Ensuring Application Availability" in this book.
Configuring Server Certificates for SSL
Some of the Web sites on the source server might use Secure Sockets Layer (SSL) to encrypt confidential information exchanged between the Web server and the client. For each SSL-encrypted Web site that you migrated from the source server, you need to ensure that you have a certificate for that Web site installed on the target server. You can either renew the existing certificates on the source server in a format that is compatible with IIS 6.0 or you can request new certificates. After you have installed the server certificates on the target server, you can import the certificates into the certificate store on the target server, and then configure your Web sites to use the appropriate certificates.
| Note | Server certificates are installed on the Web server and typically require no additional configuration on the client servers. Server certificates allow the clients to verify the identity of the server. Alternatively, some Web sites and applications might require client certificates. Client certificates are installed on the client servers and allow the server to authenticate the clients. For more information about configuring client certificates, see "Certificates" IIS 6.0 Help, which is accessible from IIS Manager. |
For each Web site and application that uses SSL, configure the server certificate for SSL by completing the following steps:
Obtain an SSL server certificate that is compatible with IIS 6.0 by doing one of the following:
Renew an existing certificate in a format that is compatible with IIS 6.0.The format of the SSL server certificate on the source server is in a format that is incompatible with IIS. You can renew an existing certificate with your certification authority in a format that is compatible with IIS 6.0.For more information about renewing existing server certificates in a format that is compatible with IIS 6.0, contact your certification authority.
Request a new certificate from a certification authority in a format that is compatible with IIS 6.0.You can use the Web Server Certificate Wizard either to generate a certificate request file (Certreq.txt, by default) that you send to a certification authority, or to generate a request for an online certification authority, such as Microsoft Certificate Services in Windows Server 2003. Depending on the level of identification assurance offered by your server certificate, you can expect to wait several days to several months for the certification authority to approve your request and send you a certificate file.For more information about requesting a server certificate by using the Web Server Certificate Wizard, see "Request a Server Certificate" in "IIS Deployment Procedures" in this book.
Install the SSL server certificate to be used by the Web site on the target server.After you obtain an SSL server certificate, you need to install the certificate on the target server. Install the SSL server certificate on the target server by using the Certificate MMC snap-in.For more information about installing the SSL server certificate on the Web server, see "Install a Server Certificate" in "IIS Deployment Procedures" in this book.
Assign the SSL server certificate to the Web site.For more information about assigning the SSL server certificate to the Web site, see "Assign a Server Certificate to a Web Site" in "IIS Deployment Procedures" in this book.
Backing Up the Target Server
Before you enable client access to the target server, perform a complete image backup of the target server. Performing this image backup provides you with a point-in-time snapshot of the Web server. If you need to restore the target server in the event of a failure, you can use this backup to restore the Web server to a known configuration.
| Important | Do not continue with the migration process unless you have a successful backup of the entire target server. Otherwise, you can lose Web sites, applications, or data that you migrated to the target server. |
For more information about how to back up the Web server, see "Back Up and Restore the Web Server to a File or Tape" in "IIS Deployment Procedures" in this book.
