67
Clarke, R. J (2000) L909-08: 1 Office Automation & Intranets BUSS 909 Lecture 8 Internet, Intranets and Extranets: Implementation and Management

Office Automation & Intranets

  • Upload
    tara

  • View
    43

  • Download
    0

Embed Size (px)

DESCRIPTION

Office Automation & Intranets. BUSS 909. Lecture 8 Internet, Intranets and Extranets: Implementation and Management. Notices (1). Students must organise themselves into Teams in readiness for Assignment 3: - PowerPoint PPT Presentation

Citation preview

Page 1: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 1

Office Automation & Intranets

BUSS 909

Lecture 8Internet, Intranets and Extranets:

Implementation and Management

Page 2: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 2

Notices (1)

Students must organise themselves into Teams in readiness for Assignment 3:Each team must have 5 students, and must

nominate a Team Leader (if necessary a 6th student may be allocated to a group)

Teams should, if possible, belong to the same Tutorial Class

Team membership must be emailed to me prior to Monday 7th September 12:30 (Week 9)

Page 3: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 3

Agenda

Web Servers Installation Performance Maintenance Security- Firewalls

Testing Client-side Testing Server-side Testing

Maintenance and Integration Web Site Maintenance Web Applications

Page 4: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 4

Web Server Installation

Page 5: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 5

Web Server Installationset up of Web Servers may be non-

trivial; the steps are likely to include:installing a pre-compiled server- for

example, HTTP Deamon Server (httpd) from NCSA

compilation of a server- to produce the required binaries

site specific configuration- for httpd you are required to adjust the contents of three files

Page 6: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 6

Web Server Installation

Installation of the Server- move the httpd server and its files and directories to the required locations before starting the Web Server

Starting the Server- often can run servers in a prototyping mode for testing (inetd) or in a standalone mode for production

Page 7: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 7

Web Server InstallationMapping URLs to Documents- when a URL

does not include a directory path or a filename, the web server: either returns the contents of a file called index.htmlor, the file does not exist and the web server

automatically generates a directory index (similar to ls-1)

Testing the Web Server- exercise the server via a browser, should as a minimum provide an index.html

Page 8: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 8

Web Server InstallationSetting Up Home Pages- most often the entry

point to a web server is a home page- home.html. Can have one or many depending on the number of sites being hosted

Delegating Document Tree Management-discussion has assumed that a single user is using

the web serverin reality content maintenance is the responsibility of

an authoring community- rights to subdirectories etc

Page 9: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 9

Web Server Installation

Conventions for Public Access- server names should start with wwwuse a CNAME alias record that maps the web

server name to an actual system nameestablish a so called webmaster alias- an email

alias that people can use to send comments, tips on broken pointers etc.

use signatures on the bottom of HTML pages mounted on the web server- often implemented as Server Side Includes (SSIs)

Page 10: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 10

Web Server InstallationAnnouncing the Web Server:

there are no formal procedures for thisbut there are well-established normssend announcement message to the mailing list at

[email protected] announcement message to

[email protected] - a CERN moderated list of servers

send an announcement message to [email protected] - an NCSA moderated list

Page 11: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 11

Web Server InstallationApache Web Server Successful Installation!

Page 12: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 12

Web Server PerformanceSource: Yeager & McGrath (1996)

Page 13: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 13

Web Server PerformanceDocument Distribution and Caching

each web server serves only one document tree (see L909-06.PPT)

web servers ‘expose’ a seamless view of information provided by the server, just as a web browser provides a seamless view of information on the web

the information provided by the server may actually be stored and organised in many different ways

Page 14: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 14

Web Server PerformanceDocument Distribution and Caching

the web server acts as a translator between a simple logical view of a document tree and the physical view of files stored on the server users do not want to know the complex details of

physical storage but information providers must understand this

web servers can be configured to provide documents from a conceptually simpler ‘logical’ document tree rather than the complex ‘physical’ reality

Page 15: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 15

Physical View of the Document Tree Logical View of the Document Tree

Source: Yeager & McGrath 1996, 180

web bin usr groups temp

sculpture

gargoyle-project

metallica-project

root

gryphon

root

gargoyle metallica interactive

graphics music

interactive- project

gryphon

Mapping Logical URL to Physical Disk

/gargoyles /groups/sculpture/gargoyle-project /metallica /groups/sculpture/metallica-project /interactive /groups/music/interactive-project

MAP /gargoyles/* /groups/sculpture/gargoyle-project/*MAP /metallica/* /groups/sculpture/metallica-project/*MAP /interactive/* /groups/music/interactive-project/*

RulesALIAS is the name of the function within the Apache Server that provides mapping.

Page 16: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 16

Web Server PerformanceDocument Distribution and Caching

the information service provider may want the physical organisation as it is:large servers may have thousands of

documents to serve- more convenient to break documents into groups to store each separately

no single logical view will service all the needs of different users

Page 17: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 17

Web Server PerformanceDocument Distribution and Caching

for high throughput systems it may be necessary to reduce the load on the server- two ways to do this:allocate part of the document tree to

another server

Page 18: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 18

Web Server Maintenance

Page 19: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 19

Web Server MaintenanceDepending on the type and state of the web

server, it may be necessary to enhance its capabilities by:providing additional MIME types (Multimedia

Extension) if necessaryEnabling Server-side includes- similar to include files

in programming languages- however, they can include not only files but variables

Automatic Directory Indexing- insurance against users pointing to a directory URL rather than a file URL when no index.html exists

Page 20: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 20

Web Server Maintenance

Updating HTML Documents- don’t need to reboot the server, just lay the new documents over the existing ones

Managing/Analysing Log Files- on a daily/weekly basis the systems administrator should move or archive the log files to prevent them from growing to big- the process should be automated as part of standard backup procedures

Page 21: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 21

Web Server Maintenance

Moving Directory Structures- on occasion parts of the document tree need to be moved in order to cope with disk space constraints or changing system environment

Mirroring Documents and Servers- mirror (duplicate) part of another hosts directory tree in order to speed up your server (fetch slow graphics overnight), or in order to spread your server’s load across another

Page 22: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 22

Web Server SecurityReading 24: Lodin & Scuba (1998)

Page 23: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 23

Web Server SecurityFirewalls (1)

each company that connects to WWW provides new opportunities for crackers

the general solution to secure internal networks is to construct a guarded gateway called a firewall

Page 24: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 24

Web Server SecurityFirewalls (2)

firewalls are the first defense against unwelcome visits to intranets and extranets

firewalls comprise software and or hardware which collectively form a set of mechanisms that enforce secure communications traffic entering or leaving a network domain

Page 25: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 25

Web Server SecurityFirewalls (3)

firewalls have several different topologies (as we will show shortly)

in general, firewalls are located between the internal network and the internet

an estimated one third of all Internet connected machines are located behind firewalls (Liu et al 1994, 497)

Page 26: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 26

Web Server Security

firewalls prevent unauthorised access between networks

it implies that decisions have been made about what is allowed and disallowed across the firewall

the decisions are based on the security policy for the site

Page 27: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 27

Web Server Security

firewalls work by examining the IP packets that travel between the server and the client

this approach enables the control of information flow for each of the possible internet services byIP addressby portin each direction

Page 28: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 28

Firewalls- Security (based on Lodin & Schuba 1998, 27)

Firewall

Outside(untrusted)

NetworkLAN

Page 29: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 29

Firewalls- Security

attempt to maintain privacy by protecting data that its entering or leaving a domain, by preventingpassive wiretapping- data eavesdroppingactive wiretapping- data change

traffic outside the firewall or internal to the domain is not affected

Page 30: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 30

Firewalls- Security

firewalls guard intranets and extranets from an outside and therefore untrusted network

they may also guard against parts of the internal intranet from other parts

Page 31: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 31

Firewalls- Security (based on Lodin & Schuba 1998, 27)

LAN BLAN A Firewall

Outside(untrusted)

NetworkFirewall

abc

d d’

e

Firewalls control communication to (a), from (b), or through outside network, although they cannot control messages within the LANs or external connections through the outside network

LAN A and LAN B are parts of one organisations intranet

Page 32: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 32

Firewalls- Security

can protect material within the domain- stored data, computational resources, and communication resources

can be guarded against unauthorised access, browsing, leaking, modification, insertion, and deletion- can protect against ‘denial of service type’ hacks

Page 33: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 33

Firewalls- Security

firewalls are generally applied to Transmission Control Protocol/Internet Protocol (TCP/IP) communications which are used in public Internet and private Intranets

controversies abound on the need for firewalls- even if they are deficient, they are a focus for computer security policy

Page 34: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 34

Firewalls- Security

security mechanisms employed by firewalls correspond to layers in the Open Systems Interconnection (OSI) model

OSI model views data communication in terms of movement through a series of layers (see L909-02.PPT)1 Physical Layer; 2 Data Link Layer; 3 Network

Layer; 4 Transport Layer; 5 Session Layer; 6 Presentation Layer; 7 Application Layer

Page 35: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 35

OSI Model

Layer 7

Layer 6

Layer 5

Layer 4

Layer 3

Layer 2

Layer 1

Protocols

Layer 7

Layer 6

Layer 5

Layer 4

Layer 3

Layer 2

Layer 1

2

1

2

1

33

Front-end processor Cluster Control Unit

P

P

P

P

P

P

P

P

P

AP

SP

SP

SP/P

User Node Host UserIntermediate Nodes

TerminalSoftwareor ROMRoutines

UserActions

Host

ChannelDevices

Front-endProcessor

Front-endor switching Node

Page 36: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 36

Firewalls- Security

network address translation uses the network layerLayer 3: Network Layer: causes the

physical layer to transfer the frames from node to node

all seven layers in the model may employ cryptographic mechanisms

Page 37: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 37

Firewalls- Security

packet filtering mechanism operates primarily on network and transport layers Layer 4: Transport Layer: enables user

and host nodes to communicate with each other; synchronizes fast- and slow- speed equipment as well as overburdened and idle units

Page 38: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 38

Firewalls- Security

can impose overheads especially performance limitations (delays) on the throughput of the intranet

this is becoming less of a concern due to speed improvements with hardware (higher processing speeds) and software optimisations

Page 39: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 39

Firewalls- Security

specific operations supported by firewalls include:packet filtering- a router allows/denies the

passage of data after checking its header and contents based on security rules

network address translation (NAT)- hides internal addresses and network topology of the domain from outside users

Page 40: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 40

Firewalls- Security

circuit-level forwarding (low-level)- groups packets into connections. Inbound and outbound connections must connect to a proxy process before it can proceed. The proxy makes use of rules to determine whether the connection should be made.

application-level forwarding (higher-level)- firewalls can interpret data in packets in accordance with protocols and security rules

Page 41: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 41

Firewalls- Security

crytographic mechanisms- enciphering or deciphering of messages using a secret code. There are many different types of crypographic meachanisms around.

Internet Engineering Task Force for the IP security (IPsec) protocols

Page 42: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 42

Web Applications

Page 43: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 43

Web Applications

a number of companies are implementing ‘mission-critical’ web based applicationsthese applications generally utilise

databasesattempt at developing closer alliances

with customers, suppliers, partners, and employees

Page 44: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 44

Web Applications

sophisticated web applications must support complex Internet/intranet system configurationsystems level hardware/software, and

networking products must work togethersoftware elements: JAVA applets,

Microsoft Active X controls, CGI scripts, SQL code

Page 45: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 45

Web ApplicationsSystem Configuration: Logical View

Firewall

Client Workstations with Web Browsers Production

Web Server

Application Server

DatabaseServer

MainframeDatabase

DevelopmentWeb Server

Page 46: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 46

Web Applications

In terms of complexity, complex web applications are therefore no different to traditional systems development projects

web-based application components must be thoroughly tested to ensure that they are reliable, defect-free, and meets its original design purposes

Page 47: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 47

Web ApplicationsClient-side Components

Standard WindowsGUI Objects

Browser Specific Objects

Procedural Logic (Client or Server)

Special HTMLExtension Objects•tables•frames

NavigationalObjects•text links•image links•image map links

•display text•images•backgrounds•control buttons•edit fields•list boxes•radio buttons•checkboxes•cursor•pull-down menus•dialog boxes•forms

•Java Code•Javascripts•Active X controls•procedural logic coded with various proprietary scripting languages

Multimedia Objects

•audio streams•video streams•VRML plug-ins

NetObjects Support

Page 48: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 48

Web ApplicationsServer-side Components

Firewall

Application Server

Mainframe Database

•provides special purpose applications necessary to support a web application•generally invoked by passing a request from a CGI script

•Prevents unauthorised access to Intranet•Implements security policy and ‘stance’ for Web Applications

•Central repository for all data in the organisation•Database Server provides a view on the necessary subsets of this central repository data

Database Server

•provides database access for a web application•implemented using SQL commands•must support the database needs of a large number of potential users

NetObjects Support

Web Server

Production•Serves HTML/XML web pages•runs CGI scripts to provide added functions to web applications

Development•handles an internal representation of pages in a web application

Page 49: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 49

Client-side Testing

Page 50: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 50

Client-side TestingBrowser & Desktop

Browser compatibility testingapplication operates correctly and

consistently on different types of browsers (see Reading #22, Berghel 1996)

Desktop configuration testingverifies that the client-side operates

consistently on different client desktop machines with different configurations

Page 51: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 51

Client-side TestingUsability & Documentation

Usability testinguser-centric design of the user interfacewith multimedia elements, establish that

the user activity matches the users business task flows

Documentation testingverifies the accuracy, relevance, user-

friendliness, and completeness of written user guides and online help

Page 52: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 52

Client-side TestingSecurity

Security testingverifies that the web application is

immune from unauthorised access attempts

necessitates the regular determination of the accuracy of the information on the web site

determines that links have not been modified

Page 53: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 53

Client-side TestingBrowser & Desktop

Error message testingproper handling of known error

conditions by the web application

Client load testingverifies the scalability of the web

application client-side while under different volumes of data

Page 54: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 54

Client-side TestingPortability & Applet Scripting

Cross-platform portabilityverifies that the web application functional

behaviour is consistent across different client platforms (eg. Windows, Mac, UNIX)

Applet/Script Testingverifies applet/script behaviour of JAVA

applets, scripts, plug-ins, or Active X components when downloaded and executed client-side

Page 55: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 55

Client-side TestingGUI Testing

GUI Testingverifies the overall functionality of the

Web Application with respect to its Graphical User Interface environment

Page 56: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 56

Server-side Testing

Page 57: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 57

Server-Side Testing

Web-server Load testingNetwork Load TestingApplication Server TestingDatabase Server Load Testing

Page 58: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 58

Web Site MaintenanceLink Verification

Page 59: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 59

Web Site MaintenanceLink Types

web sites will have several link typesusing NetObjects naming

conventions, web sites will have:internal links that link pages in your site

to other pages in your site, or external links that link pages in your

site to other web sites

Page 60: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 60

Web Site MaintenanceLink Types

it is generally true that the same internal links get used repeatedly, for example links to home pages, and those used in navigation bars

this is not true of external links- may be used only once in the web site

even small web sites can have masses of external links

Page 61: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 61

Web Site MaintenanceNeed for Link Verification

the resources referenced by external links can be re/moved from the Internet

this leads to a bad link occurring in your web site over which you have no control

fortunately, there are link verification tools both freeware and commercial which can automatically test links in your web sites

Page 62: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 62

Web Site MaintenanceLink Verification Tools

suitable characteristics for link verification tools include:should be able to check weblets (that is parts

of your website), not just the entire web hierarchy

should be able to cope with the situation where a valid URL points to a web site that is temporarily down, unresponsive, or slow

ability to restart if interrupted

Page 63: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 63

Further Reading

Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994) Managing Internet Information Services Chapter 18: Setting Up a Web Server, O’Reilly & Associates, Inc. 299-324

Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994) Managing Internet Information Services Chapter 20: Web: Gateways and Forms, O’Reilly & Associates, Inc. 357-380

Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994) Managing Internet Information Services Chapter 21: Web: Access Control and Security, O’Reilly & Associates, Inc. 381-390

Berghel, H. (1996) “HTML Compliance and the Return of the Test Pattern” Communications of the ACM February 39 (2) 19-22 (Reading #22)

Page 64: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 64

Luotonen, A. (1998) Web Proxy Servers Prentice Hall PTR Web Infrastructure Series NJ: Prentice Hall PTR

Fournier, R. (1999) A Methodology for Client/Server and Web Application Development Yourdon Press Computing Series, NJ: Yourdon Press, Prentice Hall

Lodin, S. W. and C. L. Schuba (1998) “Firewalls fend off invasions from the Net” IEEE Spectrum February 1998, 35 (2), 26- 34 (Reading #24)

Oppliger, R. (1997) “Internet Security: Firewalls and Beyond” Communications of the ACM May 40 (5) 92-102 (Reading #25)

Wood, D. (1998) “The Search for the Searcher: Use second-rate search engine software and your users will avoid your Web site in droves” Systems April 1998, 58-67 (Reading #26)

Page 65: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 65

Anonymous (1998) “Serving from the baseline: APC Labs checks out entry-level Web servers from small-to-medium businesses” APC Magazine April 1998, 115-124 (Reading #27)

Schwartz, R. L. (1999) “Programming with Perl: Step-by Step Link Verification” Web Techniques 4 (3) March 1999, 30-34

Yeager, N. J. & R. E. McGrath (1996) Web Server Technology: The Advanced Guide for World Wide Web Information Providers San Francisco, California: Morgan Kaufmann

Holden, G. and M. Keller (1999) Apache Server for Windows: Little Black Book Arizona: Coriolis

Page 66: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 66

Links

Web Techniques www.webtechniques.co

NewApps Software Archive http://www.newapps.com/appstopics/Win_95_HTML_and_Link_Verification_Tools.html

Viable Software Alternatives- Alert LinkRunner http://viablesoftware.com/

Tetranet Software- LinkBot Pro http://www.tetranetsoftware.com/products/linkbot.htm

Trellian- SiteMapper http://www.trellian.com/mapper/

Aman Software- CyberSpyder Link Test 2.1.5 http://www.cyberspyder.com/cslnkts1.html

Hausherr, Tilman- Xenu's Link Sleuth http://www.snafu.de/~tilman/xenulink.html

comp.lang.tcl Frequently Asked Questions (1998)

http://www.cis.ohio-state.edu/hypertext/faq/usenet/tcl-faq/part1/faq-doc-2.html

Page 67: Office Automation & Intranets

Clarke, R. J (2000) L909-08: 67

Bourne Shell (1994)

http://garfield.ir.ucf.edu/manual/aix/bourne.html

CGI Programming 101 (1997-1998)

http://lightsphere.com/dev/class/

Comprehensive Perl Archive Network (1998)

http://ftp.digital.com/pub/plan/perl/CPAN/CPAN.html

IPSec Online (1998)

http://www.data.com/tutorials/bullet_online.html