Hello,

I am quite new to IIS and I could use some assistance. I am running IIS
on Windows 2003 Server (Enterprise).

Here is what I would like to accomplish:

1. A single public IP address and point to different web servers.
2. Encryption / security (I know point one does not support SSL)
3. I would like ot host the web pages on different computers

Here are my thoughts as security is a concern:

I would place the IIS server in the DMZ.
I would like each company that I am hosting to have it's own web page
(e.g. www.abc.com).

When a company enters its web page (www.abc.com) a web page will come
up with a log in screen (my idea is for it to be similar to the way
banks validate customers).

The login credientials will be authenticated by verifying users from a
Windows 2003 Active Directory Domain Controller. Once authenticated, it
will take the user to a program that is entirely web based.

I have given this some thought and I think the best way is to have the
IIS / Web server in the DMZ and some sort of Active Server Page as the
main screen when connecting (www.abc.com). The user will login in and
be redirected to a secure area (private netowrk) where the Domain
Controller sits along with the Web application.

Can this be done? Can it be secure? What about encryption or HTTPS at
this point? By the way, preference would be to not use VPN's.

Any suggestions or comments would be greatly appreciated.

Thanks in advance.

Mark
budman [at] generation.net

"buddd" <budman [at] generation.net> wrote in message
news:1130412552.385428.269150 [at] g43g2000cwa.googlegroups.com.. .
> Hello,
>
> I am quite new to IIS and I could use some assistance. I am running IIS
> on Windows 2003 Server (Enterprise).
>
> Here is what I would like to accomplish:
>
> 1. A single public IP address and point to different web servers.
> 2. Encryption / security (I know point one does not support SSL)
> 3. I would like ot host the web pages on different computers
>
> Here are my thoughts as security is a concern:
>
> I would place the IIS server in the DMZ.
> I would like each company that I am hosting to have it's own web page
> (e.g. www.abc.com).
>
> When a company enters its web page (www.abc.com) a web page will come
> up with a log in screen (my idea is for it to be similar to the way
> banks validate customers).
>
> The login credientials will be authenticated by verifying users from a
> Windows 2003 Active Directory Domain Controller. Once authenticated, it
> will take the user to a program that is entirely web based.
>
> I have given this some thought and I think the best way is to have the
> IIS / Web server in the DMZ and some sort of Active Server Page as the
> main screen when connecting (www.abc.com). The user will login in and
> be redirected to a secure area (private netowrk) where the Domain
> Controller sits along with the Web application.
>
> Can this be done? Can it be secure? What about encryption or HTTPS at
> this point? By the way, preference would be to not use VPN's.
>
> Any suggestions or comments would be greatly appreciated.

What you're looking to do sounds like what ISA is for. IIS doesn't support
that type of "pass through" ability.
http://www.microsoft.com/isaserver/evaluation/features/defau lt.mspx

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers /iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS

"buddd" <budman [at] generation.net> wrote in message
news:1130412552.385428.269150 [at] g43g2000cwa.googlegroups.com.. .
> Hello,
>
> I am quite new to IIS and I could use some assistance. I am running IIS
> on Windows 2003 Server (Enterprise).
>
> Here is what I would like to accomplish:
>
> 1. A single public IP address and point to different web servers.
> 2. Encryption / security (I know point one does not support SSL)
> 3. I would like ot host the web pages on different computers
>
> Here are my thoughts as security is a concern:
>
> I would place the IIS server in the DMZ.
> I would like each company that I am hosting to have it's own web page
> (e.g. www.abc.com).
>
> When a company enters its web page (www.abc.com) a web page will come
> up with a log in screen (my idea is for it to be similar to the way
> banks validate customers).
>
> The login credientials will be authenticated by verifying users from a
> Windows 2003 Active Directory Domain Controller. Once authenticated, it
> will take the user to a program that is entirely web based.
>
> I have given this some thought and I think the best way is to have the
> IIS / Web server in the DMZ and some sort of Active Server Page as the
> main screen when connecting (www.abc.com). The user will login in and
> be redirected to a secure area (private netowrk) where the Domain
> Controller sits along with the Web application.
>
> Can this be done? Can it be secure? What about encryption or HTTPS at
> this point? By the way, preference would be to not use VPN's.
>
> Any suggestions or comments would be greatly appreciated.

What you're looking to do sounds like what ISA is for. IIS doesn't support
that type of "pass through" ability.
http://www.microsoft.com/isaserver/evaluation/features/defau lt.mspx

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers /iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS

I am running Windows 2003 standard with multiple websites using a single IP
address. I use the host headers to tell IIS which web site request goes to
the various web sites. For example, if I had three websites: www.a.com,
www.b.org, and www.c.org, all three would be registered with the same IP
address. Each website would be configured to respond to only its particular
host header - www.a.com, etc.

Also, I did not put the server in the DMZ. I only allowed port 80 and 443
to be passed to the server.

I believe that some older browser versions do not support host headers, but
it has not been a problem for me.

"buddd" wrote:

> Hello,
>
> I am quite new to IIS and I could use some assistance. I am running IIS
> on Windows 2003 Server (Enterprise).
>
> Here is what I would like to accomplish:
>
> 1. A single public IP address and point to different web servers.
> 2. Encryption / security (I know point one does not support SSL)
> 3. I would like ot host the web pages on different computers
>
> Here are my thoughts as security is a concern:
>
> I would place the IIS server in the DMZ.
> I would like each company that I am hosting to have it's own web page
> (e.g. www.abc.com).
>
> When a company enters its web page (www.abc.com) a web page will come
> up with a log in screen (my idea is for it to be similar to the way
> banks validate customers).
>
> The login credientials will be authenticated by verifying users from a
> Windows 2003 Active Directory Domain Controller. Once authenticated, it
> will take the user to a program that is entirely web based.
>
> I have given this some thought and I think the best way is to have the
> IIS / Web server in the DMZ and some sort of Active Server Page as the
> main screen when connecting (www.abc.com). The user will login in and
> be redirected to a secure area (private netowrk) where the Domain
> Controller sits along with the Web application.
>
> Can this be done? Can it be secure? What about encryption or HTTPS at
> this point? By the way, preference would be to not use VPN's.
>
> Any suggestions or comments would be greatly appreciated.
>
> Thanks in advance.
>
> Mark
> budman [at] generation.net
>
>

I am running Windows 2003 standard with multiple websites using a single IP
address. I use the host headers to tell IIS which web site request goes to
the various web sites. For example, if I had three websites: www.a.com,
www.b.org, and www.c.org, all three would be registered with the same IP
address. Each website would be configured to respond to only its particular
host header - www.a.com, etc.

Also, I did not put the server in the DMZ. I only allowed port 80 and 443
to be passed to the server.

I believe that some older browser versions do not support host headers, but
it has not been a problem for me.

"buddd" wrote:

> Hello,
>
> I am quite new to IIS and I could use some assistance. I am running IIS
> on Windows 2003 Server (Enterprise).
>
> Here is what I would like to accomplish:
>
> 1. A single public IP address and point to different web servers.
> 2. Encryption / security (I know point one does not support SSL)
> 3. I would like ot host the web pages on different computers
>
> Here are my thoughts as security is a concern:
>
> I would place the IIS server in the DMZ.
> I would like each company that I am hosting to have it's own web page
> (e.g. www.abc.com).
>
> When a company enters its web page (www.abc.com) a web page will come
> up with a log in screen (my idea is for it to be similar to the way
> banks validate customers).
>
> The login credientials will be authenticated by verifying users from a
> Windows 2003 Active Directory Domain Controller. Once authenticated, it
> will take the user to a program that is entirely web based.
>
> I have given this some thought and I think the best way is to have the
> IIS / Web server in the DMZ and some sort of Active Server Page as the
> main screen when connecting (www.abc.com). The user will login in and
> be redirected to a secure area (private netowrk) where the Domain
> Controller sits along with the Web application.
>
> Can this be done? Can it be secure? What about encryption or HTTPS at
> this point? By the way, preference would be to not use VPN's.
>
> Any suggestions or comments would be greatly appreciated.
>
> Thanks in advance.
>
> Mark
> budman [at] generation.net
>
>