
9/96 Cover Story: Windows NT 4.0 and the Internet

By David W. Methvin

[Artwork: Internet Services Administrator]

WINDOWS NT 4.0 is Microsoft's first major product release since Internet mania gripped the PC world late in 1995. So naturally, NT 4.0 includes lots of Internet-related features. Many are just minor upgrades of software that has been available from Microsoft's Web site for months, but NT 4.0 is the first to integrate all these features.

Internet Information Server. Internet Information Server (IIS) 2.0 is the linchpin of the Internet support in both NT Server 4.0 and NT Workstation 4.0. The latter includes a limited-use version of IIS. IIS offers servers for World Wide Web, file-transfer protocol (ftp) and gopher services. It's implemented as a set of NT services you can install, start or stop without rebooting the operating system. Installation is integrated into the main NT setup.

A Windows-based Internet Service Manager can be administered through a special set of Web pages. This Web-based administration (new with IIS 2.0) requires a secure log-in, either via the Microsoft challenge-handshake authentication protocol (MSCHAP) or Netscape-style secure sockets layer (SSL).

IIS 2.0 now supports the image map file formats used by both CERN and NCSA servers, which could make it easier to port a Web site from these UNIX-based Internet servers. Because IIS 2.0 still uses a log file format that differs from those of most UNIX servers, many of the log analysis utilities available on the Internet won't work with IIS. Microsoft says scripts are available to convert between the two log file formats, but IIS should really have an option to generate the UNIX log format.

The lack of a server-side Exec capability may also cause trouble, especially for UNIX transferees. (IIS supports server-side includes, where the contents of one file can be placed inside another when a browser requests the file.) Although server-side Execs can cause serious security problems if used incorrectly, they're often employed for dynamic content such as ad rotation or visit counters. The ISAPI interface in IIS offers a much safer (and higher-performance) means of achieving the same goal, but you'll need to learn a new interface and write some code.

IIS 2.0 has improved security as well. Microsoft fixed a serious security problem IIS 1.0 had with batch files, so you'll want to upgrade for that reason alone. IIS lets you log errors along with successful requests for files, which may help you find situations where outsiders are attempting to break into your server. The online IIS documentation carefully explains the security implications that arise from using certain features. Because most people don't bother to read the manuals, IIS also disables some potentially dangerous features and will warn you when you activate such a feature.
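
The error logging described above, together with the log-format conversion mentioned earlier, as an added example (not code from Microsoft or from this article): it parses lines in the comma-separated IIS log layout, rewrites them in the NCSA common log format that UNIX analysis tools expect, and counts refused or failed requests per client. The field order, the sample lines and the function names are assumptions made for this illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample lines. Assumed field order: client IP, user, date, time,
# service, server name, server IP, ms taken, bytes received, bytes sent,
# HTTP status, Win32 status, method, target, parameters.
SAMPLE_LOG = """\
192.0.2.10, -, 9/3/96, 14:02:11, W3SVC, WEB1, 198.51.100.5, 120, 210, 4312, 200, 0, GET, /default.htm, -,
203.0.113.7, -, 9/3/96, 14:02:15, W3SVC, WEB1, 198.51.100.5, 15, 190, 0, 404, 2, GET, /missing.htm, -,
203.0.113.7, admin, 9/3/96, 14:02:16, W3SVC, WEB1, 198.51.100.5, 16, 230, 0, 401, 5, GET, /private/report.htm, -,
203.0.113.7, admin, 9/3/96, 14:02:17, W3SVC, WEB1, 198.51.100.5, 10, 230, 0, 401, 5, GET, /private/report.htm, -,
"""

def parse_iis(line):
    """Split one IIS-format line into the fields the analysis needs.
    Targets that themselves contain commas are not handled here."""
    f = [part.strip() for part in line.split(",")]
    if len(f) < 15:
        raise ValueError("not an IIS-format log line: %r" % line)
    return {
        "ip": f[0], "user": f[1],
        "when": datetime.strptime(f[2] + " " + f[3], "%m/%d/%y %H:%M:%S"),
        "sent": int(f[9]), "status": int(f[10]),
        "method": f[12], "target": f[13], "params": f[14],
    }

def to_common_log(rec, tz="+0000"):
    """Render a record as an NCSA common log line. The IIS line carries no time
    zone and no HTTP version, so the zone is supplied and the version omitted."""
    stamp = rec["when"].strftime("%d/%b/%Y:%H:%M:%S")
    url = rec["target"] + ("" if rec["params"] == "-" else "?" + rec["params"])
    return '%s - %s [%s %s] "%s %s" %d %d' % (
        rec["ip"], rec["user"], stamp, tz, rec["method"], url,
        rec["status"], rec["sent"])

def failures_by_client(records, statuses=(401, 403, 404)):
    """Count refused or not-found requests per client address."""
    return Counter(r["ip"] for r in records if r["status"] in statuses)

if __name__ == "__main__":
    records = [parse_iis(l) for l in SAMPLE_LOG.splitlines()]
    for r in records:
        print(to_common_log(r))
    print(failures_by_client(records).most_common())
```

A client that accumulates many 401 or 404 responses in a short window is the pattern worth reviewing; the `tz` argument should be set to the server's local offset before the output is fed to a UNIX log analyzer.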

Although this NT 4.0 beta wasn't in benchmark shape, Microsoft claims IIS 2.0 is up to 40 percent faster than IIS 1.0. In most cases, this won't be perceptible from a browser because bandwidth is usually the limiting factor for Web server throughput. However, it may let you use a less powerful computer for the server. It might also make more CPU time available for other tasks on the server.

IIS 1.0 ran only on NT Server, but NT Workstation 4.0 includes a limited-use version of IIS. Microsoft calls the workstation version Peer Web Services (PWS), and plans to take out a few IIS features it feels aren't needed for these lightweight Web servers. At press time, Microsoft wasn't able to give us a final list of features that it will remove, but confirmed it will limit PWS to no more than 10 simultaneous connections. Peer Web Services are intended for Web-page developers and small workgroups.

Internet Privacy, Please. Its name doesn't quite trip off the tongue, and it's not very photogenic, but the point-to-point tunneling protocol (PPTP) is probably one of the most important additions to NT 4.0. Using PPTP is like driving a tank down the highway. There may be some bad things going on out there in cyberspace, but whatever happens is not likely to bother you.

Technically, PPTP encapsulates and encrypts each message, then sends it through the Internet to a remote computer. The remote computer opens and decrypts the encapsulated message, and forwards it to the ultimate destination computer. In a large organization, this remote computer would typically be a PPTP gateway that would pass messages through a firewall.

Because the messages are encapsulated, the original message doesn't even have to use TCP/IP. It's quite feasible, for instance, to use PPTP with the IPX protocol. During the tunneling process, the original IPX message will be wrapped in a packet that has an IP address so it can be routed through the Internet. When the message is unwrapped at its destination, it will be transmitted as an IPX message. The receiver isn't even aware TCP/IP was used.
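
The wrapping and unwrapping described above, as an added example that is not part of the original article: an IPX packet is placed in a PPP frame, which is placed behind a GRE header, which in turn rides as the payload of an ordinary IP datagram (protocol number 47). The header layout assumed here is the enhanced GRE format later published for PPTP in RFC 2637; the encryption step is left out, and the sample packet and function names are constructed for illustration.

```python
import struct

GRE_FLAGS_KEY_SEQ = 0x3001  # Key and Sequence bits set, GRE version 1
GRE_PROTO_PPP = 0x880B      # GRE payload is a PPP frame
PPP_IPX = 0x002B            # PPP protocol number for Novell IPX
PPP_ADDR_CTRL = b"\xff\x03" # PPP address and control bytes

# Constructed stand-in for a 30-byte IPX header: checksum 0xFFFF, length 30,
# transport control 0, packet type 4, zeroed addresses.
SAMPLE_IPX = bytes.fromhex("ffff001e0004") + bytes(24)

def tunnel_wrap(inner_packet, ppp_proto, call_id, seq):
    """Sender side: inner packet -> PPP frame -> GRE payload for the IP layer."""
    ppp = PPP_ADDR_CTRL + struct.pack("!H", ppp_proto) + inner_packet
    header = struct.pack("!HHHHI", GRE_FLAGS_KEY_SEQ, GRE_PROTO_PPP,
                         len(ppp), call_id, seq)
    return header + ppp

def tunnel_unwrap(gre_payload):
    """Gateway side: validate the headers and recover the inner packet."""
    if len(gre_payload) < 12:
        raise ValueError("too short for a GRE header")
    flags, proto, length, call_id, seq = struct.unpack("!HHHHI", gre_payload[:12])
    if flags != GRE_FLAGS_KEY_SEQ or proto != GRE_PROTO_PPP:
        raise ValueError("not a tunnelled PPP frame")
    ppp = gre_payload[12:12 + length]
    if len(ppp) != length or ppp[:2] != PPP_ADDR_CTRL:
        raise ValueError("truncated or malformed PPP frame")
    (ppp_proto,) = struct.unpack("!H", ppp[2:4])
    return ppp_proto, call_id, seq, ppp[4:]

if __name__ == "__main__":
    wire = tunnel_wrap(SAMPLE_IPX, PPP_IPX, call_id=7, seq=1)
    proto, call_id, seq, inner = tunnel_unwrap(wire)
    print(hex(proto), call_id, seq, inner == SAMPLE_IPX)
```

Nothing in the recovered inner packet records that it crossed an IP network, which is why the IPX receiver is unaware of the tunnel.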

The biggest advantage of PPTP is its money-saving potential. Most companies use separate dial-up lines, dedicated modems, leased phone lines or other specialized hardware for remote communications. In addition, workgroup modem connections have become a serious security problem for many companies, because they bypass the corporate firewall. PPTP makes it easier to audit and control all data traffic to and from a site without impairing company communications between sites.

NT Workstation includes client-side support for PPTP; NT Server 4.0 offers both client and server PPTP capabilities.
