 | ||
|
| ||
| ||
|
| ||
Microsoft Corporation
Updated June 23, 1999
New version for Windows 2000 Server Beta 3
Note Please read this file in its entirety. It contains important information related to the successful deployment of the Exploration Air 5.0 sample site.
Contents
Finding the Exploration Air 5 Site
System Requirements
Installation and Uninstallation
Using Microsoft SQL Server
as a Database Provider
Configuring Microsoft® Certificate
Services for Secure Sockets Layer (SSL) and Client Certificate
Authentication
Out-of-Process Components and Performance
Implications
Problems Running the Site Unless User Logged
in on Console
Problems Accessing the Employee Benefits Open Enrollment or View/Change Benefits Pages
Feedback
Welcome to the Exploration Air 5.0 sample site — a Web Application Showcase for Internet Information Services 5.0 and the Microsoft® Windows® 2000 Server operating system. Exploration Air 5.0 is a sample e-commerce Web site for a fictional airline. It demonstrates how you can use Internet Information Services 5.0 and Windows 2000 Server to build rich and dynamic Web applications using a wide variety of Microsoft Internet tools and technologies.
This site is for sample and educational purposes only. Some of the practices and procedures found herein are not recommended for actual production sites. Please refer to comments in the code and the Behind the Scenes documentation for additional information. This site is not officially supported by Microsoft or any party therein and is subject to the terms of use specified in the License Agreement.
Download the desktop version
of the
Exploration Air executable file for the Intel platform (8 MB).
Download the desktop version
of the
Exploration Air executable file for the Alpha platform (8.5 MB).
Important Before downloading this application, read the related notes and instructions in this article thoroughly.
The Exploration Air 5.0 sample site requires the following minimum hardware:
- Intel Pentium™ 133 MHz or higher microprocessor / DEC Alpha AXP
- 30 MB of disk space
- 64 MB of RAM
- 640x480 SVGA display capable of 256 colors
- Windows 2000 Server or Windows 2000 Advanced Server (Build 1946 or later)
- Component Services
- Internet Information Services 5.0
The following hardware is strongly recommended in order to obtain optimal performance:
- Intel Pentium Pro™ 200 MHz or higher microprocessor
- 128 MB of RAM or higher
- SVGA display capable of displaying 24-bit (true) color
In addition, to take advantage of all of the features of Exploration Air 5.0, the following optional Windows 2000 components must be installed:
- Indexing Service
- Certificate Services
To install either of these components, use the Add/Remove Programs / Configure Windows option in Control Panel after installing Windows 2000.
Note: The COM+ Components must be configured separately before using this version of Exploration Air 5.0. Please see the Installation and Uninstallation section of this document for more information.
To install the Exploration Air 5.0 sample site:
- Obtain the Exploration Air 5.0 self-extracting executable from Microsoft.
- Execute the ExAir5-Desktop-x86.exe or ExAir5-Desktop-alpha.exe on a machine meeting minimum the system requirements.
- Follow the prompts on the screen to install the Exploration Air 5.0 sample site.
- Once the Exploration Air 5.0 sample site is installed, the COM+ components must be configured. To do this, choose the Install ExAir5 COM+ Component, Install Benefit5 COM+ Component, and Install ProdInfo5 COM+ Component icons from the Exploration Air 5.0 Sample Site folder on the Start menu.
- Once the COM+ components have been configured, Exploration Air 5.0 will be fully installed and ready for use. You may start using Exploration Air by choosing any of the icons available in the Exploration Air 5.0 Sample Site folder on the Start menu.
To uninstall Microsoft Exploration Air 5.0:
- Open Control Panel.
- Open Add/Remove Programs folder.
- Choose the Exploration Air 5.0 Sample Site application and click Change/Remove.
- When prompted, choose Yes to remove the Exploration Air 5.0 sample site.
- When prompted, choose Yes to completely remove the selected application and all of its components.
If you have run the supplied upsizing tools and are using Microsoft SQL Server as a database back-end, the ExAir5 and ExAir5Benefits databases and any associated database devices and logfiles must be deleted manually.
To provide an upgrade path for enhanced performance, scalability, and reliability, the Exploration Air 5.0 sample site can be "upsized" by the user to support the use of Microsoft SQL Server 6.5 or 7.0 as a backend database provider in lieu of the Microsoft Access 97 backend shipped as the default. For upsizing, both Single Server and Distributed Server configurations are supported. In a Single Server configuration, SQL Server and IIS/Exploration Air will be run on the same physical machine. In a Distributed Server configuration, IIS/Exploration Air and SQL Server will be run on separate physical machines.
To set up a Single Server configuration:
- Install Windows 2000 Server and Internet Information Services 5.0.
- Install Microsoft SQL Server 6.5 with Service Pack 4 or SQL Server 7.0.
- Following the installation of Internet Information Services and Transaction Server (Component Services), use the Configure Windows option in the Add/Remove Programs folder in Control Panel to install any optional components such as Indexing Service or Certificate Services.
- Install the Exploration Air 5.0 sample site.
- Following the installation of Exploration Air 5.0, please use the SQL Upsizing procedure documented later in this section.
To set up a Distributed Server configuration:
On the machine to be used as the Database Server:
- Install any version of Windows NT Server® or Windows 2000 Server supported by Microsoft SQL Server.
- Install Microsoft SQL Server 6.5 and SQL Server 6.5 Service Pack 4 or Microsoft SQL Server 7.0.
On the machine to be used as the Web server:
- Install Windows 2000 Server.
- Install Microsoft SQL Server Client (Either install the Microsoft SQL 6.5/7.0 Workstation product or run SQL Server 6.5/7.0 Setup and choose the Install Utilities Only option.)
- Install Microsoft SQL Server 6.5 Service Pack 4 to update the client software to the latest version if version 6.5 is utilized.
- Install the Exploration Air 5.0 sample site.
- Following the installation of Exploration Air 5.0, please use the SQL Upsizing procedure documented later in this section.
Once Exploration Air 5.0 and SQL Server are up and running, use the following procedure to perform the actual "upsizing":
- From the Start menu, choose the SQL Upsizing Wizard for SQL Server 6.5 or the SQL Upsizing Wizard for SQL Server 7.0 from the Exploration Air 5.0 Sample Site program folder, depending upon which version of Microsoft SQL Server is in use.
- In the SQL Client Path: dialog box, fill in the path to the SQL client software installed on the machine running Exploration Air. This will usually be C:\MSSQL or C:\MSSQL7.
- In the SQL User ID: dialog box, fill in the name of a user account with permission to create databases. This will usually be SA or an equilvalent account.
- In the SQL Password: dialog box, fill in the password for the account listed in the SQL User ID: dialog box.
- In the SQL Server Name: dialog box, fill in the NetBIOS name of the machine running the SQL Server software. It should be noted that even if you are installing to a local machine, a complete NetBIOS name is still required.
- In the SQL Server Path: dialog box, enter the path to the SQL Server binaries as installed on the machine actually running the SQL Server software. This will usually be C:\MSSQL or C:\MSSQL7. It should be noted that this value does not necessarily have to be the same as the value specified in the SQL Client Path: dialog box when using a two machine Distributed Server configuration. If SQL Server is installed in D:\MSSQL on the Database Server and the SQL Client is installed in C:\MSSQL or C:\MSSQL7 on the Web server, then the SQL Client Path: should be set to C:\MSSQL or C:\MSSQL7 and the SQL Server Path: should be set to D:\MSSQL or D:\MSSQL7.
- When finished, click Create SQL Databases to upsize to SQL Server.
- If any failures occur during the upsize, they are most likely caused by either missing components and/or incorrectly supplied values to the SQL Upsizing Wizard. To correct the situation, verify all settings and reperform the steps listed in this section.
Upsizing to Microsoft SQL Server requires that two new data devices (ExAir5Device and ExAir5BenefitsDevice) of 5 MB each be created and that two new databases (ExAir5 and ExAir5Benefits) be created.
In order to provide the most secure e-commerce environment possible, Secure Sockets Layer (SSL) and X.509 Client Certificate authentication are available as user configurable options to "secure" the Frequent Flyer Club application that ships as part of the Exploration Air 5.0 sample site. However, in order to use these features, several configuration changes to your IIS configuration are necessary in order to enable encryption and/or certificate authentication. These changes can be broken down into Server Configuration, Application Configuration, and Client Configuration.
At the server side, a digital certificate is required in order to enable either SSL encryption or X.509 Client Certificates. A digital certificate can either be generated locally using Microsoft Certificate Services or by obtaining one from a certification authority such as Verisign. For the purposes of Exploration Air, it is assumed that Microsoft Certificate Services will be used and that the software is already installed and configured on the IIS server running the Exploration Air 5.0 sample site. To install a digital certificate using Microsoft Certificate Services:
- Open Internet Services Manager from the Administrative Tools folder in Control Panel.
- Expand the navigation pane and right-click the Default Web Site item under Internet Information Services on the machine that has the Exploration Air 5.0 sample site installed.
- Choose the Directory Security tab and click Server Certificate. This will launch the Certificate Wizard.
- At the introductory screen of the Certificate Wizard, click Next.
- Choose the "You need a new certificate option" and click Next.
- Choose the "Automatically send the request to an online certification authority" option and choose the locally installed Certificate Server. Then, click Next.
- Enter a name for the new key and click Next. Use a meaningful value such as ExplorationAirKey.
- Enter an organization name and organizational unit and click Next. For example, if you work in the IS Department of Nowhere Incorporated, those values could provide meaningful choices.
- At the Common Name dialog box, enter the EXACT name that will be used to access the Web server over the network and click Next. If the machine is connected to the Internet, its exact DNS name should be used. If the machine is used on an internal network, either its NetBIOS name or DNS name should be used depending upon how machines are accessed on that network. For example, if an Internet-connected machine is known as www.nowhere.com, www.nowhere.com should be used in this dialog box. Likewise, if a machine is connected to a NetBIOS network and is known as ExplorationAir, then ExplorationAir should be used.
- In the Geographical Information dialog box, please select a country code and enter the State/Province and City/Locality where the Web server will be located. Examples might be Washington and Seattle for Seattle, WA.
- In the Contact Information dialog box, enter the e-mail address, full name, and phone number of the Web server's administrator and click Finish. (Note: This information is for certification authority purposes only. It is not stored as any part of the certificate or Web server configuration.)
- At this point, the certificate will be installed on the Web server, allowing the establishment of secure communications.
If client certificate authentication is desired, then perform the following additional steps:
- Once the server certificate is installed using the preceding procedure, click Edit under Secure Communications in Internet Services Manager.
- Check the check box to Enable certificate trust list.
- Click New under the Current CTL: dialog box.
- At the start of the CTL Wizard, click Next.
- At the Certificates in the CTL dialog box, click Add from Store.
- Select the certification authority that corresponds to the Certificate Services instance running on the local machine and click OK.
- When viewing the certificate, click OK.
- When the user is returned to the Certificates in the CTL dialog box, click Next.
- Enter a friendly name and description for the certificate and click Next. Meaningful descriptions are recommended.
- Click Finish. At this point, the server is fully configured to support SSL data encryption and has the ability to process client certificate authentication.
Once the digital certificate has been installed on the Web server, SSL encryption can be enabled for the Frequent Flyer Club application. To enable SSL encryption:
- In the browser, open the Exploration Air Site Administrator's page. It can be accessed by either navigating to the Home Page, opening the Site Services section, and opening the Site Admin section; or else by navigating directly to http://localhost/exair5/siteadmin/default.asp.
- Check the SSL Support check box and click Save.
- At this point, HTTPS support will be enabled on the Frequent Flyer Club and the pages will have to be accessed via a https:// prefix rather than an http:// prefix. Any attempts to access the Frequent Flyer Club with a http:// prefix will result in an error unless SSL support is disabled.
Finally, once SSL has been enabled on the Frequent Flyer Club, you can enable X.509 client certificate authentication to make the customer's experience as secure as possible.
- In the browser, open the Exploration Air Site Administrator's page. It can be accessed by either navigating to the Home Page, opening the Site Services section, and opening the Site Admin section; or else by navigating directly to http://localhost/exair5/siteadmin/default.asp.
- Select the Client Certificate Support check box and click Save.
- At this point, a recognized X.509 client authentication certificate will be required to enter the Frequent Flyer Club.
When client certificate authentication is enabled, all clients must configure their browsers and obtain a client authentication cetificate before entering the Frequent Flyer Club. This procedure only needs to be followed once per client. The steps are:
- In the browser, open the Exploration Air Our Certificate page. It can be accessed by either navigating to the Home Page, opening the Site Services section, and opening the Our Certificate section; or else by navigating directly to http://localhost/exair5/certificates/default.asp.
- At the Our Certificate page, click the Obtain Site Certificate link.
- At the list of available certification authorities, choose the certification authority that was used to configure SSL support for the Web server running Exploration Air.
- When prompted to download the resulting certificate, choose to "Open the file from its current location."
- When prompted to enable the New Site Certificate, click OK.
- When prompted to add the certificate to the Root Store, click Yes. At this point, the client browser is fully configured to recognize the Certificate Services as a valid certification authority and is ready to obtain a client authentication certificate.
- At this point, return to the Our Certificate page (using the means specified above) and choose the Obtain Client Certificate link.
- Next, fill out the client authentication certificate request form in its entirety and click Submit Request.
- When the certificate request is processed, click Download. At this point the client authentication certificate is successfully installed and the user is ready to access the Frequent Flyer Club using both SSL data encryption and X.509 client certificate authentication.
If, at any point, you want to disable the SSL encryption and client-certificate authentication, deselect the undesired security settings on the Exploration Air Site Administrator page (http://localhost/exair5/siteadmin/default.asp) and click Save.
The two primary components used to drive Exploration Air 5.0, ExAir5.dll and Benefit5.dll, have been configured to run as out of process in the transactional feature of Component Services. This will maximize reliability and stability on the Web server system at a cost of performance. If maximum performance is desired, Component Services Explorer should be used to change the ExAir5 and Benefit5 components so that they are instantiated as in process. Use the following procedure:
- From the Start menu, choose Component Services from the Administrative Tools program folder.
- Right-click Benefit5 package under the Installed Packages folder and choose Properties.
- Open the Activation tab.
- Check the radio button so that the component executes as a Library Package rather than a Server Package.
- Click OK.
- Repeat the above steps for the ExAir5 package.
The components used to drive the Exploration Air 5.0 sample site are set to execute under the currently logged in user. Hence, unless a user account with valid permissions is logged into the server console, the components cannot be instantiated and executed. To rectify this situation, the components should either be set to run as in-process (see the previous section on Out-of-Process Components for more information) or else have their identity properties configured for a valid user account. To do this:
- From the Start menu, choose Component Services from the Administrative Tools program folder.
- Right-click Benefit5 package under the Installed Packages folder and choose Properties.
- Open the Identity tab.
- Check the radio button so that the component executes under the identity of "This user" rather than "Interactive user."
- Specifiy a valid account name and password with minimum permissions (the IUSR_MACHINENAME account used by IIS 5.0 would be a good choice) under which the component should be instantiated.
- Click OK.
- Repeat the above steps for the ExAir5 package.
If problems occur while accessing the Open Enrollment or View/Change Benefits pages when utilizing Microsoft Access as the database provider, it is most likely due to file permissions conflicts on NTFS-formatted volumes. To correct the situation, please set the Security settings in Windows Explorer to Everyone and Full Control for the \Program Files\Microsoft\ExAir5\DBSource\Access subdirectory.
Microsoft welcomes your feedback on Exploration Air! Please send comments, questions, and feature suggestions to exair@microsoft.com. Thank you for downloading this site. We hope you enjoy flying Exploration Air!
Did you find this material useful? Gripes? Compliments? Suggestions for other articles? Write us!
© 1999 Microsoft Corporation. All rights reserved. Terms of use.
Back to top