Vol. 50, #8 - October 7, 2013 - Issue #950

Secure file transfer

  1. Editor's Corner
    • Another free ebook! Introducing Windows Azure for IT Professionals
    • An Isolated Approach to FTP
    • Tip of the Week
    • Recommended for Learning
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
    • Europe
  4. Webcast Calendar
    • Featured Webinar: Data Management Strategies for MS Exchange
    • Register for Webcasts
  5. Tech Briefing
    • Windows Server
    • SharePoint, Exchange and Office
    • Hyper-V
    • System Center
    • Windows Azure
    • Other Cloud Computing
    • Security
    • Acknowledgements
  6. Windows Server News
    • Maximize cloud benefits with five keys to private cloud automation
    • Tips for VDI success: Tackling networking, security and app selection
    • VirtIO, PCI pass-through offer better KVM network performance
    • Click-to-Run and MSI provide Office 2013 installation options
  7. WServerNews FAVE Links
    • This Week's Links We Like. Fun Stuff.
  8. WServerNews - Product of the Week
    • 2X ApplicationServer XG - Simple and secure virtual desktop and application delivery.

 


Editor's Corner

This week's newsletter is all about securely transferring files using the FTP Isolation functionality found in IIS 7.0 and later on the Windows Server platform. To walk us through how to configure and use this feature we have a guest editorial by Terri Donahue, a Microsoft Most Valuable Professional for ASP.NET/IIS. But while transferring a file is one thing, opening the file can be an altogether different experience as this classic Dilbert cartoon explains:
http://www.wservernews.com/go/1380891650429

Another free ebook! Introducing Windows Azure for IT Professionals

Last week we announced a free ebook titled Microsoft System Center: Designing Orchestrator Runbooks by David Ziembicki, Aaron Cushner and Andreas Rynes with myself as series editor. This is the first in a series of free ebooks Microsoft Press will be publishing about different System Center 2012 products and you can download the ebook in PDF, MOBI or EPUB format here:
http://www.wservernews.com/go/1380891656350

Guess what? This week we're announcing the availability of another free ebook! This one is titled Introducing Windows Azure for IT Professionals and is by myself together with experts from the Windows Azure team at Microsoft.

The PDF for this ebook can be downloaded today while MOBI and EPUB versions will be available soon. You can get it from here:
http://www.wservernews.com/go/1380891662085

Enjoy!

And now on to our guest editorial by Terri Donahue...

An Isolated Approach to FTP

Microsoft has made great progress with FTP in the later releases of the application. There are many new features that have been added to FTP starting with IIS 7.0. The IIS FTP server now supports SSL connections for data encryption. With IIS 8.0, Microsoft introduced an automated approach to FTP Logon restrictions as well. Both of these enhancements provide a more secure application and create a real argument for choosing IIS FTP for implementation in a multi-host/multi-use environment. I will be providing an overview of implementing the FTP role utilizing either user isolation with a single FTP instance or Virtual Host Names with multiple sites.

For this walkthrough, you will need to create four local users, their home directories, and a named text file in each directory, and set the NTFS permissions to Modify for access. This configuration makes testing and verification easier, because you should see only the user-named file for each user when logging into the FTP site.

User     Home Directory      Text document in directory
test1    C:\domains\test1    Test1.txt
test2    C:\domains\test2    Test2.txt
test3    C:\domains\test3    Test3.txt
test4    C:\domains\test4    Test4.txt

For starters, you need to have the FTP Role Service installed. From Server Manager, click on the IIS entry to view the metrics associated with IIS. Scroll down through the information panel until you see Roles and Features. You can then check quickly to see if the FTP Service is installed. If it is not, click on Manage, Add Roles and Features. You will then click through the Wizard until you get to the Server Roles selection screen. Expand Web Server (IIS) and make sure that FTP Service under FTP Server is selected for install. Finish the Wizard to complete the install of the FTP Service.

FTP sites configured using User Isolation and/or Virtual Host Names (VHNs) can co-exist on the same server. In this walkthrough, we will cover configuring both types. This section will pertain to configuration of an FTP site using user isolation.

To do this, open Internet Information Services (IIS) Manager. Right click on Sites and select Add FTP Site. Provide a site name (ex. MainFTP) and physical path (ex. c:\inetpub\ftproot) and proceed to the next page of the wizard. We will leave the defaults for the bindings and set the SSL configuration to No SSL for this implementation. Select Basic for the authentication type, change the authorization to Specified users or roles and enter Authenticated Users, and enable both Read and Write permissions. Click Finish to complete the configuration of this site.

We will also need to configure the NTFS permissions on the root location to allow the selected users to authenticate. From IIS Manager, click on the MainFTP site and select Edit Permissions from the Actions pane. This will open the properties for the configured folder. Click on the Security Tab and click Edit. At this point, since we will only want authenticated users to be able to access the FTP site, we will add Authenticated Users with the default NTFS permissions.

The next step is to enable user isolation. Click on MainFTP and open the FTP User Isolation feature in the GUI. Select User name directory under Isolate Users and click Apply. Next, open the FTP Authorization Rules feature, select the Allow rule and change the rule to Specified roles or user groups and enter Authenticated Users. The FTP site is now configured for user isolation.

The next step will be to add the LocalUser and specific user virtual directories. Right click on MainFTP and then click on Add Virtual Directory. The alias name has to be LocalUser. Set the physical path to c:\inetpub\ftproot. This naming configuration is what IIS FTP expects for user isolation.

Now right click on LocalUser and select Add Virtual Directory. The Alias will be the first user (test1) you created above and the physical path will be the home directory (c:\domains\test1) you created for the user. Repeat this step for your second user (test2). Your MainFTP configuration should now look like this:

Figure 1

Once the basic configuration is completed, additional users and the respective home directories can be added to this single FTP instance. Due to the configuration of user isolation, access is only granted to the folder designated in the physical path of each virtual directory and the NTFS permissions ensure that only the correct user is able to access the content.
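The same MainFTP configuration can be scripted with the WebAdministration module. This is an added example, not part of the original editorial; it assumes an elevated PowerShell session, the FTP Service role already installed, and existing local accounts test1 and test2.

```powershell
# Added example, not from the article: the MainFTP user-isolation steps as a script.
Import-Module WebAdministration

$site    = 'MainFTP'
$ftpRoot = 'C:\inetpub\ftproot'
$users   = 'test1', 'test2'          # assumed to exist as local accounts already

# Home directory, marker file and NTFS Modify for each user (see the table above).
# -Force on the file recreates it empty, which is fine for a test marker.
foreach ($u in $users) {
    $dir = "C:\domains\$u"
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    New-Item -ItemType File -Path (Join-Path $dir "$u.txt") -Force | Out-Null
    icacls $dir /grant "${u}:(OI)(CI)M" | Out-Null
}

# FTP root: Authenticated Users get the GUI's default grant (read and execute).
New-Item -ItemType Directory -Path $ftpRoot -Force | Out-Null
icacls $ftpRoot /grant 'Authenticated Users:(OI)(CI)RX' | Out-Null

# Site with default bindings (all unassigned addresses, port 21).
New-WebFtpSite -Name $site -Port 21 -PhysicalPath $ftpRoot | Out-Null
$sitePath = "IIS:\Sites\$site"

# "No SSL" as in the walkthrough: SSL allowed but no certificate bound.
# Basic authentication then sends user names and passwords in clear text, so on
# anything beyond a lab bind a certificate and set both policies to 'SslRequire'.
Set-ItemProperty $sitePath -Name 'ftpServer.security.ssl.controlChannelPolicy' -Value 'SslAllow'
Set-ItemProperty $sitePath -Name 'ftpServer.security.ssl.dataChannelPolicy'    -Value 'SslAllow'
Set-ItemProperty $sitePath -Name 'ftpServer.security.authentication.basicAuthentication.enabled' -Value $true

# Authorization rule: Allow, role "Authenticated Users", Read and Write.
Add-WebConfiguration -Filter 'system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $site -Value @{
    accessType = 'Allow'; roles = 'Authenticated Users'; permissions = 'Read,Write' }

# "User name directory" in the FTP User Isolation feature.
Set-ItemProperty $sitePath -Name 'ftpServer.userIsolation.mode' -Value 'IsolateAllDirectories'

# LocalUser virtual directory, then one virtual directory per user beneath it.
New-WebVirtualDirectory -Site $site -Name 'LocalUser' -PhysicalPath $ftpRoot | Out-Null
foreach ($u in $users) {
    New-WebVirtualDirectory -Site $site -Name "LocalUser/$u" -PhysicalPath "C:\domains\$u" | Out-Null
}

# Read the result back: isolation mode plus the virtual directory layout (Figure 1).
Get-ItemProperty $sitePath -Name 'ftpServer.userIsolation.mode'
Get-WebVirtualDirectory -Site $site | Select-Object path, physicalPath
```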

We are now ready to test using the FTP client of your choice. If you perform the testing on the local server, you can use localhost to connect. If you are testing this externally, you will need to create a local entry in the hosts file or use the IP address. Log in to the FTP server using the test1 user and verify that the only file you see is test1.txt. If you connect with the test2 user, you should only see the test2.txt file.

We will now convert this implementation to one that uses Virtual Host Name sites, with one of the sites also using user isolation. VHN sites require a default FTP site to be set up. We will use the MainFTP site already created. This could be just a default site that is set up but not configured, since it will not be accessible after the second FTP site has been created. For security's sake, we will go ahead and set the FTP Authorization Rules to Deny all users. Select the MainFTP site and open the FTP Authorization Rules feature. Delete the existing Allow rule and create a Deny rule which is set to All Users.

Let's once again right click on Sites and choose Add FTP Site. Enter the site name (test3.localtest.me) and physical path (c:\domains\test3). On the next page of the wizard, check Enable Virtual Host Names and enter the site name (test3.localtest.me) and set SSL to No SSL once again. Check Basic for the authentication type, allow access to Specified users and enter test3, and check Read and Write for the permissions. Click Finish on the wizard. Repeat this step for the test4 user, replacing test3 with test4 for each step.

And finally, add another FTP site that is named ui.localtest.me. The specified users should be test1, test2 and the Virtual Host Name needs to be set to ui.localtest.me. Right click on ui.localtest.me and then click on Add Virtual Directory. The alias has to be LocalUser and the physical path can be set to c:\inetpub\ftproot. Since we set the NTFS permissions on this folder previously, you are ready to continue with creating the Virtual Directories for user isolation. Right click on LocalUser and select Add Virtual Directory. The Alias will be the first user (test1) you created above and the physical path will be the home directory (c:\domains\test1) you created for the user. Repeat this step for your second user (test2).

After this is completed, the configuration will look like this:

Figure 2

Although you can use the IP address to test these FTP sites, we set these FTP sites up using a very special testing domain named localtest.me. All records, including a * record for this domain, resolve to 127.0.0.1. I have gotten into the habit of creating sites with these hostnames so that testing does not require DNS updates or hosts file entries. When testing on your local server, your FTP host will be the name of the FTP site or localhost. If you are testing from another machine, you can use the IP address of the server as the hostname. When using VHNs, the name resolution is handled as part of the username. The username for each site has to be VHN|user. For example, to test the test3.localtest.me site, the username will be test3.localtest.me|test3.
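The Virtual Host Name part of the walkthrough (deny-all on the default site, then one VHN site each for test3 and test4) can be scripted the same way. This is an added example, not part of the original editorial; it assumes an elevated session, the MainFTP site from the first section, and existing local accounts test3 and test4 with their home directories. The helper name New-VhnFtpSite is hypothetical.

```powershell
# Added example, not from the article: VHN sites plus a locked-down default site.
Import-Module WebAdministration
$authz = 'system.ftpServer/security/authorization'

# Default site: remove the existing Allow rule and deny all users.
Clear-WebConfiguration -Filter $authz -PSPath 'IIS:\' -Location 'MainFTP'
Add-WebConfiguration -Filter $authz -PSPath 'IIS:\' -Location 'MainFTP' -Value @{
    accessType = 'Deny'; users = '*'; permissions = 'Read,Write' }

function New-VhnFtpSite {            # hypothetical helper, defined only for this example
    param([string]$HostName, [string]$User, [string]$Path)

    # -HostHeader is what "Enable Virtual Host Names" sets in the wizard.
    New-WebFtpSite -Name $HostName -Port 21 -HostHeader $HostName -PhysicalPath $Path | Out-Null
    $p = "IIS:\Sites\$HostName"

    # "No SSL" and Basic, as in the walkthrough; credentials cross the wire in
    # clear text until a certificate is bound and the policies are 'SslRequire'.
    Set-ItemProperty $p -Name 'ftpServer.security.ssl.controlChannelPolicy' -Value 'SslAllow'
    Set-ItemProperty $p -Name 'ftpServer.security.ssl.dataChannelPolicy'    -Value 'SslAllow'
    Set-ItemProperty $p -Name 'ftpServer.security.authentication.basicAuthentication.enabled' -Value $true

    # Only the named user is authorized on this site.
    Add-WebConfiguration -Filter $authz -PSPath 'IIS:\' -Location $HostName -Value @{
        accessType = 'Allow'; users = $User; permissions = 'Read,Write' }
}

$vhnUsers = 'test3', 'test4'
foreach ($u in $vhnUsers) {
    New-VhnFtpSite -HostName "$u.localtest.me" -User $u -Path "C:\domains\$u"
}

# Read back each site's binding and rules, with the login name a client must send.
foreach ($u in $vhnUsers) {
    $name = "$u.localtest.me"
    [pscustomobject]@{
        Site    = $name
        Binding = (Get-Item "IIS:\Sites\$name").bindings.Collection.bindingInformation
        Rules   = (Get-WebConfiguration -Filter "$authz/add" -PSPath 'IIS:\' -Location $name |
                   ForEach-Object { "$($_.accessType) $($_.users)" }) -join '; '
        LoginAs = "$name|$u"         # VHN|user format described above
    }
}
```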

About Terri Donahue

Terri Donahue is a Microsoft Most Valuable Professional ASP.NET/IIS. She currently works as a Support Specialist at OrcsWeb. She has worked with IIS since version 4.0. She has a passion for helping people solve technology related issues. For more info see her:

Website: http://www.wservernews.com/go/1380891677475

Twitter feed: http://www.wservernews.com/go/1380891679757

LinkedIn profile: http://www.wservernews.com/go/1380891681585

Send us feedback

Have you used FTP Isolation in IIS for secure file transfer? Are you using any other secure FTP solutions? Let us know at [email protected]

Tip of the Week

This week we have another PowerTip from our colleague Ed Wilson a.k.a. The Scripting Guy at Microsoft.

PowerTip: Find net adapter binding info using PowerShell

Here's a tip on how to use Windows PowerShell to find network adapter binding information.

Question: How can you use Windows PowerShell on Windows 8 or above to find network adapter binding information?

Answer: Use the Get-NetAdapterBinding function, specify the adapter name, and select the name, bindname and enabled properties. This appears here.

Get-NetAdapterBinding -Name ethernet | ft name, bindname, enabled

Ed Wilson is the bestselling author of eight books about Windows Scripting, including Windows PowerShell 3.0 Step by Step, and Windows PowerShell 3.0 First Steps. He writes a daily blog about Windows PowerShell called Hey, Scripting Guy! that is hosted on the Microsoft TechNet Script Center; for more PowerTips check out the Hey, Scripting Guy! blog.

GOT TIPS you'd like to share with other readers? Email us at [email protected]

Recommended for Learning

Here's an announcement about an exciting series of online events from Microsoft:

October 29: Attend Microsoft Insights 2013

Join the Microsoft Insights 2013 online event on October 29 for an interactive expert panel discussion on emerging opportunities in technology, the earning potential they represent, and the skills required to excel. Discover the training and resources available to prepare for the next step in your career and a rewarding future. Register now here:
http://www.wservernews.com/go/1380891705382

Quote of the Week

"Everything you want is on the other side of fear." - Jack Canfield

Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Download 2X ApplicationServer XG to deliver virtual desktops and applications from a central location, providing continuous availability, resource-based load balancing and complete end-to-end network transparency for administrators.
http://www.wservernews.com/go/1380893312569

Make backing up Hyper-V VMs easy, fast and reliable. Free for WServerNews subscribers. Download now!
http://www.wservernews.com/go/1380893315100 

Server performance problems? Find out why with FactFinder Express. See whether the issue is a slow app, slow SQL requests, or a CPU/Memory/Disk bottleneck. 30 day free trial.
http://www.wservernews.com/go/1380893317319

sFlowTrend is a free, graphical network and server monitoring tool:
http://www.wservernews.com/go/1380893319850

FogBugz can help you track bugs, meet deadlines, and maintain control over team projects:
http://www.wservernews.com/go/1380893325522

 

Events Calendar

Americas

Project Conference, 2014 on February 2-5 in Anaheim, California
http://www.wservernews.com/go/1380891723132

Lync Conference 2014 on February 18-20, 2014 at The Aria in Las Vegas, Nevada
http://www.wservernews.com/go/1380891726491

SharePoint Conference 2014 on March 3-6, 2014 at The Venetian in Las Vegas, Nevada
http://www.wservernews.com/go/1380891728897

Microsoft Worldwide Partner Conference (WPC 2014) coming in July, 2014 in Washington, D.C.
http://www.wservernews.com/go/1380891731007


Europe

European SharePoint Conference on May 5-8, 2014 in Barcelona, Spain
http://www.wservernews.com/go/1380891734288

Add your event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]

 

Webcast Calendar

Featured Webinar: Data Management Strategies for MS Exchange

MS ExchangeCon 2013 Keynote speaker Michael Osterman will be leading an interactive discussion on data management strategies in the era of diverse data.

And of all that data, what are you responsible for? What do you need to save, and for how long? Is all of it discoverable if it was created on personal devices or by non-company employees?

Join Michael Osterman of Osterman Research and Dominic Brown of HP Autonomy on October 8, 2013 at 2:00pm EDT / 11:00am PDT as they discuss information governance in an era of increasingly diverse data types. This Webinar will be recorded and the recording shared with all registrants.

Register here:
http://www.wservernews.com/go/1380891738350

This webinar will examine these issues and more as we look at the expanding pool of data types that all organizations are responsible for. We'll discuss the growing impact of new data types within organizations, and how to employ data governance policies and technologies to keep your organization in the clear if discovery becomes necessary. You’ll walk away with a new understanding of next steps for your organization in this changing landscape.

Register here:
http://www.wservernews.com/go/1380891745085

All registrants will be entered in a drawing to win an Apple iPad Mini or an Amazon.com gift certificate valued at $329.

Register for Webcasts

 Add your Webcast

PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]

 

Tech Briefing

This section is organized topically by platform/product and provides you with links to tips, tools, information and other resources that can help you in your job role whether you're an IT professional or an IT decision-maker.  

Windows Server

Video: Change management for Active Directory - Part 2 (WindowSecurity.com)
http://www.wservernews.com/go/1380891766460

Windows Server 2012 R2 is coming what does this add to RDS – VDI (VirtualizationAdmin.com)
http://www.wservernews.com/go/1380891771288

Understanding IP Address Management (IPAM) (WindowsNetworking.com)
http://www.wservernews.com/go/1380891775819

 

SharePoint, Exchange and Office

Product Review: NETsec’s GALsync (Version 5.0) (MSExchange.org)
http://www.wservernews.com/go/1380891780538

Office 365 & SharePoint 2013 Online: Managing external users (Serge Luca's Blog)
http://www.wservernews.com/go/1380891784429

 

Hyper-V

Welcome to Hyper-V 2012 R2 (Part 1) (VirtualizationAdmin.com)
http://www.wservernews.com/go/1380891790335

Choosing the Right Virtualization Platform (Part 1) (WindowsNetworking.com)
http://www.wservernews.com/go/1380891793772

Converting Hyper-V .vhdx to .vhd file formats for use in Windows Azure (Countenay Bernier Infrastructure Blog)
http://www.wservernews.com/go/1380891797429

 

System Center

Oracle Self-Service Kit : Provisioning Oracle Database components using the System Center stack
http://www.wservernews.com/go/1380891802413

Automation–MVP Example Solution Spotlight–Orchestrator Integration with Office365 and SharePoint 2013
http://www.wservernews.com/go/1380891823210

New Microsoft System Center 2012 Orchestrator Cookbook Now Available (System Center Orchestrator Engineering Blog)
http://www.wservernews.com/go/1380891826694

 

Windows Azure

Microsoft's Windows Azure deemed secure by the Feds (VentureBeat)
http://www.wservernews.com/go/1380891830897

Try Oracle Software on Windows Azure (WindowsAzure.com)
http://www.wservernews.com/go/1380891834882

Microsoft BizSpark - Unlimited possibilities for startups with the Windows Azure Platform (Blain Barton's Blog)
http://www.wservernews.com/go/1380891841429

 

Other cloud computing

Cloud Server Performance: A Comparative Analysis of 5 Large Cloud IaaS Providers (Cloud Spectator)
http://www.wservernews.com/go/1380891846319

Attackers turning to legit cloud services firms to plant malware (ComputerWorld)
http://www.wservernews.com/go/1380891849913

Dot-cloud boom? IT hiring strongest since June 1998 (ZDNet)
http://www.wservernews.com/go/1380891853429

 

Security

Security Best Practices for IIS 8 (TechNet)
http://www.wservernews.com/go/1380891857569

Administrator Account Security in Active Directory (WindowsITPro)
http://www.wservernews.com/go/1380891861007

Panda Cloud Office Protection - Voted WindowSecurity.com Readers' Choice Award Winner - Firewall (WindowSecurity.com)
http://www.wservernews.com/go/1380891864913

 

Acknowledgements

We'd like to thank the following individuals for contributing items for this section from time to time:

 

Windows Server News

Maximize cloud benefits with five keys to private cloud automation

Private clouds can help mitigate some of the public cloud disadvantages, but only if the proper automation tools and processes are implemented. Uncover five private cloud implementation tips that will help limit unnecessary administration overhead.
http://www.wservernews.com/go/1380891883100

Tips for VDI success: Tackling networking, security and app selection

There are a variety of factors that lead to VDI success: networking, security and application selection are three of the most crucial. Hear from our experts as they offer advice for networking considerations, keeping data secure and choosing the right applications for an effective VDI project. 
http://www.wservernews.com/go/1380891890319

VirtIO, PCI pass-through offer better KVM network performance

Every admin knows that even good doesn't cut it sometimes – and although KVMs generally offer acceptable network performance there are small improvements you can make to optimize performance. Discover two methods for enhancing KVM network performance inside.
http://www.wservernews.com/go/1380891894522

Click-to-Run and MSI provide Office 2013 installation options

It's probably time to start thinking about how to deploy Microsoft's latest software suite to all your desktops – but what are your options? Gain insider advice for choosing between new Click-to-Run technology and the more traditional MSI when installing Office 2013.
http://www.wservernews.com/go/1380891899132

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]

When a movie or TV character can't get something to work, he or she just gives it a good whack. Voilà! It works.
http://www.wservernews.com/go/1380891911132

Brilliant Mercedes suspension ad:  'Magic Body Control' scans the road 15 meters ahead of the car and adapts the suspension to the road conditions ahead.
http://www.wservernews.com/go/1380891917741

A 1920s vintage Dodge Brothers sedan drives down muddy roads and across muddy fields to get to the gushing oil well.
http://www.wservernews.com/go/1380891923288

What it was like to fly on the Concorde from New York to London in 3:15 hrs at twice the speed of sound.
http://www.wservernews.com/go/1380891930319

Golfers at a course in Verbier, Switzerland have had an unusual interruption to their games.
http://www.wservernews.com/go/1380891935194

Have you ever wondered why the full moon looks bigger on the horizon than high overhead?
http://www.wservernews.com/go/1380891939804

 

WServerNews - Product of the Week

Simple and secure virtual desktop and application delivery

2X ApplicationServer XG allows the delivery of virtual desktops and applications from a central location, providing continuous availability, resource-based load balancing and complete end-to-end network transparency for administrators. This enables vendor independent virtual desktops & application delivery to users on any device, accessible from anywhere. The results are significant savings on administration and support. 2X ASXG delivers virtual desktops & applications to any mobile & desktop device. It provides cloud-enabled virtual desktops & applications through the 2X Cloud Portal while supporting all major hypervisors from Microsoft, VMware, Citrix and more. 2X ASXG integrates a powerful universal printing & scanning functionality while providing high-capacity, resource-based load balancing and management features.

Free Trial

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

 

o   http://www.2x.com/applicationserver/download/