Configuring Additional Websites

As shown previously in the chapter, the default SBS installation configures four separate websites. In some cases, an SBS administrator may want to configure additional web services for internal use. These services can be set up as separate websites, or as directories under the existing main site. This section covers creating a new website, and the next section takes a closer look at adding virtual directories to existing sites.

Best Practice: Do Not Use SBS to Run a Public Website

The general consensus among the SBS community is not to use the SBS server as a public web server. Using SBS to host OWA and Remote Web Workplace as web apps is fine because both require SSL, encrypting all username and password information sent across the Internet. Historically, several significant attacks have targeted IIS servers hosting public websites. Because SBS hosts the core of the entire network, it should be protected as much as possible, including not allowing access to port 80 from the Internet.

Backing Up the IIS Configuration

As is the best practice in any situation, always make a backup of the IIS configuration before making any changes to it. Fortunately, this is a simple process, whether for backing up individual websites or the entire IIS configuration.

Backing Up Websites and Virtual Directories

The configuration for each individual website, and for each virtual directory within the site, can be saved to a file on disk. Backing up an individual site or virtual directory affords the administrator the opportunity to restore the single site or virtual directory if a problem develops with that site or directory without having to restore the entire IIS configuration. This is not so much a time-saving mechanism (the process to back up and restore the entire IIS configuration is quick) but a way to ensure that any changes made elsewhere in the IIS configuration are not overwritten in the process of restoring one element.

To back up a site or virtual directory to a file, right-click on the site or directory in the IIS Management Console, select All Tasks, and then select Save Configuration to a File. In the Save dialog box that comes up, enter the filename for the configuration and accept the default path or change the path to the location where you want the file saved. You can also encrypt the configuration file with a password. The file is saved in XML format and can be viewed with a text editor.

Alternatively, you can back up all the sites at the same time using this same method. Instead of running the Save Configuration to a File task from the individual site, you can right-click on the Web Sites folder and run the Save Configuration to a File task from there. This creates an XML file that contains the configuration information for all the sites configured in IIS. This does not save all the information stored in the metabase, only the website configurations.

Backing Up the Entire Metabase

There are two mechanisms for backing up the entire metabase within the IIS Management Console. With the server highlighted, you can select either Backup/Restore Configuration or Save Configuration to Disk from the Action, All Tasks menu in the console. The Backup/Restore Configuration item brings up the Configuration Backup/Restore dialog (see Figure 6.12), which lists all the backup points that can be used for restore. One backup is created when the IIS setup is run, and a number of automatic backups are done as part of normal maintenance. Only the most recent Automatic Backup configurations are kept. However, the automatic backups will not automatically overwrite manual backups created in this interface.

Figure 6.12. The Configuration Backup/Restore dialog lists the initial backup made during system installation, any manual backups made, and the most recent automatic backups.

To create a manual backup of IIS prior to making changes to the IIS configuration, follow these steps:

1.	In the IIS Management Console, right-click on the local computer icon, select All Tasks, and then select Backup/Restore Configuration.
2.	In the Configuration Backup/Restore dialog box, click Create Backup.
3.	In the Configuration Backup dialog box, enter a name for the backup point. Optionally, you can enable the Encrypt Backup Using Password check box and enter and confirm a password for this backup point.
4.	Click OK.
5.	The backup point appears in the list. Click Close when finished.

Best Practice: Make Backups Before Making Any Configuration Changes to IIS

The importance of making backups to the IIS configuration cannot be stressed enough. Although the XML configuration of IIS 6 is less prone to corruption than the metabase format in earlier versions, even making seemingly simple changes to IIS can cripple the entire web operation of the server if a mistake is made. Because backups are so easy to make in IIS, there is no reason not to make a backup before looking at the IIS configuration, even if you are not planning on making changes.

Creating the New Site

Before you create a new site in IIS, you need a few pieces of information first. Table 6.6 highlights the key data points you need to create the site.

Table 6.6. Information Needed to Create a New Site in IIS
Setting	Description
IP address	The IP address the website will use to listen to incoming data. If the site will share an IP address with other sites, it will need a unique TCP port or host header to differentiate the site from other sites in the IIS configuration.
TCP port	Usually port 80, but may be different depending on the desired configuration.
SSL port	Usually 443, if configured. If you will not be using SSL for this site, you do not need to configure this setting. If this site will use SSL and other sites on the server will use SSL as well, this value must be something other than 443.
Host header	The unique hostname that web clients will use to connect to this site. This value must be set if this site is sharing an IP address with other sites in the IIS configuration.
Location of files	The path to the website files on the local server.

To create the new site, right-click on the Web Sites folder and select either Web Site or Web Site (from File) under the New submenu. When you select Web Site, the Web Site Creation Wizard starts and walks you through the process for configuring the new site. After you have completed the wizard using the information in Table 6.6, the new website appears in the IIS Management Console. If you need to configure SSL for the site, you have to manually edit the properties of the site because the wizard does not configure SSL on the site.

The other option for creating a new site is to create the site from an existing configuration file. This is a good method for restoring a corrupt site from a backup configuration. If you have created a backup file for a particular site or for all the websites using the method described earlier, you can use that backup file to create (or re-create) a website in IIS.

Use the following steps to test the backup/restore process for a single website. This example uses the Companyweb site as the test case. Make sure that you do a backup of the complete metabase before making any changes to your website configuration as a failsafe!

1.	Right-click on Web Sites in the IIS Management Console, and select All Tasks, Save Configuration to a File.
2.	Enter a name for the configuration in the File Name field and click OK.
3.	Right-click on the Companyweb website in the IIS Management Console and select Delete. Remember, you are not uninstalling Companyweb, just removing the website configuration from IIS.
4.	Click Yes when prompted to delete the site.
5.	Verify that the Companyweb website is not listed in the IIS configuration.
6.	Right-click on Web Sites and select New, Web Site (from File).
7.	In the Import Configuration dialog box, click Browse and select the backup file you created in step 2. Click OK to close the file selection dialog box.
8.	Click Read File. The list of sites in the backup file displays in the window.
9.	Select the Companyweb configuration and click OK.

At this point, the Companyweb website configuration has been restored to IIS and is running again.

Managing Virtual Directories

In most cases, any additional web features you may want to add to the SBS server will not require a separate website in IIS. Instead, you may be able to simply add a virtual directory to the Default Web Site. This allows you to access the site securely from the Internet without having to set up an alternate SSL port. In addition, each virtual directory can have its own set of access permissions separate from the Default Web Site (compare OWA, Remote Web Workplace, and Monitoring and Reporting, all of which are virtual directories residing under the Default Web Site).

Virtual directories are managed differently from standard subdirectories in a website configuration. Even though both are accessed in the same way from a web browser (if the main website is http://www.smallbizco.net, a subdirectory or virtual directory named "webapp" would be accessed through http://www.smallbizco.net/webapp), a normal subdirectory would simply be created in the folder where the root of the web server is stored (c:\inetpub\wwwroot for the Default Web Server). A virtual directory, however, can exist anywhere on the server hard disk or even on another server on the intranet.

The process for backing up virtual directory configurations has already been discussed earlier in the chapter. In some cases, it makes sense to create additional backup configuration files for virtual directories in addition to backing up the website configuration entirely. This way an individual virtual directory can be removed and re-created without affecting the settings on the rest of the site. If you create a new virtual directory in a website, you should create a separate backup of the virtual directory configuration.

Creating a new virtual directory is similar to creating a new website. You can launch the Virtual Directory Creation Wizard by right-clicking on the website where you want the new directory and selecting New, Virtual Directory. The wizard requests three pieces of information from you: the name of the directory, the path to where the files for the directory are located, and the permissions that should be applied to the virtual directory.

After the virtual directory has been created, you can modify the settings for the directory to configure as needed. The properties for a virtual directory resemble the settings for a website configuration but have fewer options. Table 6.7 lists the five properties tabs available for virtual directories and the key items in each tab.

Table 6.7. Descriptions of the Settings Tabs for the IIS Virtual Directory Properties Page
Tab Name	Description
Virtual Directory	Stores the main content location for the directory, the access allowed to that content, and the application settings used, if any.
Documents	Lists the default content page names and footer information for each page displayed, if used.
Directory Security	Stores the authentication, IP/domain restrictions, and secure communication settings for the site.
HTTP Headers	Stores settings for content expiration, custom HTTP headers, content ratings, and MIME types for the directory.
Custom Errors	Lists the locations for the files displayed for each of the HTTP error types.

With a few exceptions, the settings in the virtual directory properties allow you to configure the virtual directory as if it were its own site. The key differences are that you cannot modify the IP address or port settings, nor can you enable FrontPage support if it is not already enabled on the parent site. Just about all other website settings, including application pool settings, can be modified in this area.

Installing Third-Party Web Services

SBS is not the only solution that builds much of its management interface on top of web services. Many other support solutionsantivirus software, antispam software, management and monitoring toolshave a web component to configure or monitor the software. Most of these software packages configure web services as part of the software installation package instead of relying on administrators to manually configure the web services.

Unfortunately, not all these tools have reached the level of web maturity that SBS has, and the installation process can trash the SBS IIS configuration. One notorious package is the Microsoft Customer Relationship Management suite, or MS CRM. By default, the CRM installation wants to install its web components into the Default Web Site, which is fine on a standalone server. However, many of the changes the CRM configuration makes to the Default Web Site breaks most of the SBS web tools. The CRM installation documentation does have a section detailing how to install CRM on an SBS server, but not all installers read the instructions to know that CRM can and should be installed into a separate site configuration on SBS and not the Default Web Site.

Other problems that can result from installing a third-party software web component on SBS are port conflicts. Some web management installations do install themselves into separate website configurations but fail to check and see whether any other websites are using a particular port to provide web services. Several software packages install themselves to listen on port 8080, which is unfortunately the same port that ISA uses for web proxy. Some also attempt to install on port 8081, which is where the SharePoint Central Administration site resides.

Best Practice: Installing Third-Party Web Services on SBS

Because of all the potential problems that can result with the installation of a third-party web solution on the SBS server, you should take several steps to make sure that the installation goes smoothly and that you have a way to get back to a running state if something does go wrong.

First, before installing the third-party software, make a backup of the IIS configuration using the methods described earlier in the chapter. This gives you a fallback position in case the software install has problems and uninstalling the software does not restore IIS to its previous configuration.

Second, if given the option, have the third-party software install into a separate website configuration. This keeps any changes it wants to make to the site configuration out of the Default Web Site and protects the existing web services on the SBS server.

Third, if the software wants to listen on a nonstandard web portthat is, a port other than 80go through your IIS configuration and see whether any sites are already using that port. If so, be sure to select an alternate port number in the software installation. Do not allow a third-party software package to use port 8080 or 8081 for its web services, even if you are not currently running ISA on the server.