iThis section provides procedures for preparing the platform on which ILS will run. You must prepare the platform before you run Setup to ensure that your platform client and server components are working. The section includes an overview of the preparation process and procedures for preparing the platform.
As with any server product, ILS has its complexities. These complexities can best be learned through experience using the product. The following diagram shows an appropriate first platform configuration. Each ILS component, such as the ILS server, runs on its own computer. i
Important iBefore installing ILS, it is strongly recommended that you read Chapter 1, "Introducing Internet Locator Server," and Chapter 2, "ILS Fundamentals," including the platform and software architecture sections. If you do not read Chapter 2, you may miss some concepts that are critical to installation.
Preparing the platform for ILS involves the following general process:
The remainder of this chapter explains each phase of this process in detail.
iiiThis section describes the hardware and software you must install before setting up ILS. The following are platform requirements for the multiple-server configuration.
ILS requires the same minimum configuration as Microsoft Windows NT Server version 4.0 and Microsoft Internet Information Server, as described in the following table.
|
Category |
Requirement |
|
Server hardware |
32-bit x86-compatible microprocessor (such as Intel 80486/25 or higher), Intel Pentium, or supported RISC-based microprocessor, such as the Digital Alpha. |
|
Software |
Windows NT Server version 4.0 with Service Pack 1 and Internet Information Server version 3.0. |
|
Memory |
Minimum 16 megabytes (MB) of RAM for x86 systems (32 MB recommended). Minimum 32 MB of RAM for RISC-based systems. |
Quantitative tests have been conducted on the search portion of ILS. In addition, most development was completed in an environment using the following configurations:
For administration and testing purposes, your site should include a client computer with the following software:
This section describes a sample large-scale hardware and software configuration for a one-hundred-thousand-member ILS RAM database.
Before you set up the ILS software, plan the network configuration of all the ILS servers. As with any other Internet service, issues of performance, scalability, reliability, and security affect the connectivity between these computers across the Internet, wide area network (WAN), or local area network (LAN). Some important considerations include:
Before you begin setting up ILS, check to make sure that platform software is properly installed and configured.
iEach server and the administrative client must have the Windows NT Server version 4.0 operating system optimized as a server. Install Windows NT on each computer as instructed in the Microsoft Windows NT documentation.
In Windows NT Server Setup, give each computer a name that reflects the primary function of that server. For example, you might name your ILS server "ILS01."
Note Write down the names you give to your servers; you will need to specify these names when you set up ILS.
The LDAP and ILS services communicate with the Internet through IIS version 3.0 with Active Server Pages script processing. This version of IIS is included with Windows NT 4.0 with Service Pack 1 and must be installed on the ILS server with the World Wide Web service.
ILS uses the Windows NT security model as the standard and foundation for setting up accounts, rights, and privileges. This section explains how to set up the Windows NT user accounts.
iThe individuals installing ILS and performing certain ILS administrative tasks must have Windows NT Server Administrator privileges on each ILS server. The architecture of ILS requires that administrative privileges and remote logon accounts be consistent across all computers.
ILS uses NTLM security for communication between the client and an ILS server. These accounts are created during the setup process described in "Setting Up and Configuring ILS" later in this chapter.
Designed for large-scale commercial Internet service providers, the Microsoft Membership System (MBS) provides authentication, access control, and billing.
For information about setting up the Membership System, see the Microsoft Membership System documentation.
The Internet Information Server Setup program creates a user account in the computer’s Windows NT domain and sets Anonymous Logon in each of the IIS services to that user account. Internet users access ILS through this anonymous account. Client access to your Windows NT domain is determined by the rights assigned to the anonymous account.
The default account has local guest rights and the following:
Note The password is used only within the Windows NT security system. Anonymous users do not log on by using a username and password.
iILS supports LDAP Secure Sockets Layer (SSL) through port 636. Any SSL configured client can open an SSL connection to the ILS server through this port. After you have installed ILS, you can use Microsoft Internet Service Key Manager to create a new key and add a certificate for SSL. After you create the new key, submit it to your certification authority. When you receive a valid key certificate, you then import into Key Manager to associate it with the key you created earlier.
For more information about SSL, as well as instructions on using Key Manager, see the documentation for Microsoft Internet Information Server version 3.0.
iThe ILS server is set up by default to handle the following two SSPI security packages: NTLM (Windows Challenge/Response ) and DPA (Distributed Password Authentication). The NTAuthorizationProviders registry key contains the values DPA and NTLM. To fully enable the DPA package, you must install Microsoft Membership System (MBS) and make sure that the DPA setting is first in the list of authentication providers in the NTAuthenticationProviders registry key.
For information about setting up Microsoft Membership System, see the Membership System documentation.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LDAPSVC\Parameters \NTAuthenticationProviders
For information about editing registry keys, see the Microsoft Windows NT Server documentation.
Important Editing registry keys affects the service at a very fundamental level. Make sure that you are familiar with the functionality of editing registry key values.
Before setting up ILS, check the hardware, software, and companion products to make sure that they are correctly set up. In particular, check the following:
If all configurations are correct, bringing up a small network of Windows NT 4.0 servers should be straightforward. If you have trouble, consider the following troubleshooting steps: