Wednesday, August 13, 2008

RWW under the hood in SBS 2003

Good evening folks - been a crazy busy day but I am honoring my commitment to post up several pages per day from my Windows Small Business Server 2003 Best Practices book (the purple book). I really like the part of Chapter 8 where we debunk, prove and otherwise party on with Remote Web Workplace.

Looking forward to SBS 2008 and more madness!

cheers...harrybbbb

Harry Brelsford, ceo at smb nation, www.smbnation.com

Microsoft Small Business Specialist, MBA, MCSE, CNE, MCT, MCP, CLSE and CNP - whew - I am tired!

ps - funky groovy fall conference is less than 60-days away in Seattle!

###

Under the Hood RWW Architecture


Specialists like specialists in the professional world, perhaps because there is an element of mutual respect. So when this SBS specialist (yours truly) needed some help digging deeper in this subject area, I went to fellow SBS 2003 hands-on lab instructor Beatrice Mulzer from Florida. Beatrice is an RWW nicher and provided the screen shots in this section showing a glimpse of how things work under the hood with RWW.


First off, it helps to see a Visio diagram that outlines the RWW architectural experience. This is shown in Figure 8-10.


Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.


Figure 8-10


This diagram outlines the RWW mechanics.





Now for the step-by-step figures that bring definition to the chart above.


Notes:


Visit www.microsoft.com/technet for the latest updates for any Microsoft product.


Figure 8-11


Initial connection to SBS 2003 external Web page over port 80. Note HTTP in the Address field of Internet Explorer.





BEST PRACTICE: Note the above figure (Figure 8-11) assumes that you have selected the Business Web option on the Web Services Configuration page in the EICW. We did NOT do this back in Chapter 4 for the purpose of SPRINGERS. But please heed this advice, as imparted to me by the Microsoft program manager who owns this area. IN THE REAL WORLD, Microsoft discourages you from opening port 80 in the EICW via the Business Web selection. Rather, they would prefer that the address external users type for RWW be the FQDN followed by /remote (e.g., springers1.springersltd.com/remote). The /remote component of the address makes the external listening port 443, and the address is prefixed with HTTPS.


Here is another real-world reason for NOT opening port 80 if you can help it. Besides exposing your IIS root to the world (and Web search engine crawling), you also expose RWW to Web search engine crawling. This is something you probably don’t want to do, as it might be the source of future vulnerabilities and attacks (as of this writing, this hasn’t been exploited). A really interesting exercise to see this in action is to go to Google and search on the terms “remote web workplace” and view the results. You’ll see pages of hits returned with Remote Web Workplace highlighted. These are SBS 2003 sites that have opened port 80 (again, likely via the Business Web selection on the Web Services Configuration page in the EICW). Stunning how many RWW sites you’ll see.


Finally, if you must have port 80 open because you really do host a business Web site and you’ve accepted the risks, then please consider using a robots.txt file to restrict Web search engine crawling. Details on robots.txt at www.robotstxt.org/wc/robots.html and in Chapter 10.
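
An added example, not from the book: a robots.txt along the lines recommended above, checked with Python's standard urllib.robotparser. The file contents, the sample paths and the crawler name ExampleBot are constructed; the host name is the book's SPRINGERS example.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample files. The first restricts nothing; the second keeps
# compliant crawlers out of RWW while the business site stays indexable.
ROBOTS_OPEN = """\
User-agent: *
Disallow:
"""

ROBOTS_RESTRICTED = """\
User-agent: *
Disallow: /remote
Disallow: /Remote
"""

# Constructed request paths. robots.txt rules are matched case-sensitively,
# while IIS serves /remote under any casing, so several casings are tested.
SAMPLE_PATHS = ["/", "/remote", "/remote/", "/Remote/", "/REMOTE/"]


def crawlable_paths(robots_txt, paths=SAMPLE_PATHS,
                    host="springers1.springersltd.com", agent="ExampleBot"):
    """Return the paths a robots.txt-compliant crawler may still fetch."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [p for p in paths if parser.can_fetch(agent, f"http://{host}{p}")]


if __name__ == "__main__":
    for name, text in (("open", ROBOTS_OPEN), ("restricted", ROBOTS_RESTRICTED)):
        print(name, "->", crawlable_paths(text))
```

The restricted file still leaves /REMOTE/ crawlable because only the casings listed are matched. robots.txt is honoured only by compliant crawlers and does not restrict access to /remote itself.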




Figure 8-12


Approving the security certificate (SSL) pop-up to log on to Remote Web Workplace (this process started by selecting the Remote Web Workplace link). Note the port switch from port 80 to port 443. This would be the case when you’ve published your root page via the Business Web selection on Web Services Configuration in the EICW.





Figure 8-13


The SSL pop-up was approved and the RWW logon dialog box appears. Session traffic is over port 443 and the HTTP protocol has switched to HTTPS at this point.







Figure 8-14


An RWW session underway with HTTPS and port 443.





BEST PRACTICE: Did you look closely at the above figure and see the entry titled “View Server Usage Report”? How did that appear? If you have run the Monitoring Configuration Wizard (which you will do in Chapter 12) and the user (in this case Beatrice) has permission to view the server usage reports, this option will appear on the RWW page.




Figure 8-15


Internally accessing the WSS Home page (Intranet) over port 443 under RWW. Protocol is HTTPS. Note that external access to WSS is over 444 (which isn’t being depicted in this figure).







Figure 8-16


When you click Connect to my computer at work, port 4125 is used for the Remote Desktop session traffic (note port 4125 doesn’t become active and listen until you click this Connect to my computer at work button; listening actually occurs on port 443). This is in addition to port 443, which remains open (ports 4125 and 443 are simultaneously open under this scenario). At this juncture, some background voodoo is performed by SBS to authenticate you and prove you are who you say you are (that’s about as well as I can explain it in this introductory text).





BEST PRACTICE: A common question in the Fall 2003 SBS hands-on labs related to which ports on a hardware-based firewall/router needed to be opened to allow RWW traffic through. RWW uses the following ports for its entire experience: 443, 444, 4125. Port 80 would be used if you published the root page (not recommended). And by the way, the other SBS-related port you’ll need open is 1723 (VPN, which I discuss more later).


By the way, you can see the port 4125 setting for RWW in the Registry at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal

and look at the Port value, where the REG_DWORD data is 4125.
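
An added check, not from the book: it reads the Port value from reg query output for the key above (reg.exe prints REG_DWORD data in hex) and compares a firewall's inbound TCP forwards with the ports listed in the Best Practice. The sample reg query output and the forward list are constructed.

```python
import re

# Constructed sample of `reg query` output for the key named above;
# 0x101d is 4125 in decimal.
REG_QUERY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal
    Port    REG_DWORD    0x101d
"""

SAMPLE_FORWARDS = [80, 443, 3389, 4125]   # constructed firewall forward list

RWW_FIXED_PORTS = {443, 444}   # RWW over HTTPS and external WSS, per the text
VPN_PORT = 1723                # only needed if VPN is used
DISCOURAGED_PORTS = {80}       # publishing the root page is not recommended


def rww_rdp_port(reg_output):
    """Extract the RemoteUserPortal Port value from `reg query` output."""
    m = re.search(r"^\s*Port\s+REG_DWORD\s+(0x[0-9a-fA-F]+|\d+)\s*$",
                  reg_output, re.MULTILINE)
    if m is None:
        raise ValueError("Port REG_DWORD value not found")
    return int(m.group(1), 0)   # base 0 accepts both hex and decimal


def audit_forwards(forwarded, reg_output):
    """Compare inbound TCP forwards with what RWW needs on this server."""
    rdp_port = rww_rdp_port(reg_output)
    required = RWW_FIXED_PORTS | {rdp_port}
    forwarded = set(forwarded)
    known = required | DISCOURAGED_PORTS | {VPN_PORT}
    return {
        "rdp_port": rdp_port,
        "missing": sorted(required - forwarded),
        "discouraged": sorted(forwarded & DISCOURAGED_PORTS),
        "unexpected": sorted(forwarded - known),
    }


if __name__ == "__main__":
    print(audit_forwards(SAMPLE_FORWARDS, REG_QUERY_OUTPUT))
```

If the registry Port value has been changed from 4125, the audit reports the new port as missing and the stale 4125 forward as unexpected.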


Another common question concerns whether you must first establish a VPN connection to drill down and take control of your Windows XP Pro workstation via Remote Desktop. The answer is no. You are using RDP over HTTP, not VPN tunneling to access the Windows XP Pro workstation.


So hopefully a few pictures here have saved over a thousand words. I thought that by starting with a diagram and then witnessing the port traffic, you could “feel” RWW first hand under the hood. More of this good stuff in my advanced SBS 2003 book in the second part of 2004.
