Chapter 2 - Connecting Windows NT Server to the Internet

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

In the near future, it might be as common and simple to connect to the worldwide Internet as it is to connect to the worldwide telephone system. However, it is now a complex endeavor to connect servers or networks to the Internet. This chapter presents an overview of the concepts you use in connecting a server or network to the Internet. The chapter explains:

  • The basic process of connecting a server to the Internet.

  • Typical requirements for the server.

  • Where to find more detailed information about procedures.

  • Example network scenarios for connecting a computer or network to the Internet.

You can find extensive information on these topics by searching the Internet itself. It is recommended you seek resources on the Internet for more information on any topic. In addition, Table 2.1 lists references you can find in the Windows NT documentation and in the Microsoft Windows NT Server Resource Kit, version 4.0.

Table 2.1 Additional Information about Using Windows NT on the Internet

For information about

See

Connecting to the Internet as a client

Microsoft Windows NT Workstation Resource Kit: Windows NT Workstation Resource Guide

NetBIOS names

Windows NT Server Networking Supplement and Microsoft Windows NT Server Resource Kit: Windows NT Server Networking Guide

TCP/IP networking, including IP addresses and subnet masks, and DHCP and WINS servers

Windows NT Server Networking Supplement and MicrosoftWindows NT ServerResource Kit: Windows NT Server Networking Guide

Securing a server on the Internet

Windows NT Server Internet Guide, Chapter 3, "Server Security on the Internet"

Creating Internet Information Server sites

Windows NT Server Internet Guide, Chapter 4, "Desktop Scenarios," and Chapter 5, "Enterprise Scenarios"

Specific Internet server services or client applications included in the Windows NT Server Resource Kit

Windows NT Server Internet Guide, Chapter 7, "Internet Tools"

Troubleshooting Internet Information Server

Windows NT Server Internet Guide, Chapter 8, "Troubleshooting an Internet Information Server Installation"

Establishing an Internet Connection

You must establish an Internet connection to enable worldwide access to your site. Before you establish an Internet connection, you should:

  • Understand your network and how TCP/IP operates.

  • Select an Internet service provider (ISP) and determine what Internet services you will use.

This section explains network protocols and intranets, the formal requirements and procedures for participating in the Internet, Internet service providers, and how to choose the right connection.

When you connect a computer to the Internet, you must do a thorough security review and implement measures to protect your computer and network (if the computer is also connected to a private network) from intruders. For more information about securing computers and networks connected to the Internet, see Chapter 3, "Server Security on the Internet."

Network Protocols and Intranets

The Internet is a group of interconnected networks. When you create an Internet server, you are adding another network to the network of networks. The network you add to the Internet can be one computer, a small workgroup, or your entire corporation's local area network.

Network protocols are similar to language. Languages have different words, word patterns, and punctuation. A network protocol serves a similar role for computers attempting to communicate. The network protocol used on a network determines how packets (units of data) are configured and sent over the network cable. For more information about network protocols, see the Windows NT Server Networking Supplement and Windows NT Server Resource Kit Networking Guide.

The Internet primarily uses the TCP/IP (Transmission Control Protocol/Internet Protocol) network protocol. That means your computer must use the TCP/IP network protocol to participate. (TCP/IP is actually a suite of protocols. Internet Protocol is one of the protocols in the suite of protocols.) You can install TCP/IP during or after installation of Windows NT.

If you use TCP/IP on your internal network, as shown in Figure 2.1, your computer can act as a gateway to the Internet. By configuring Windows NT as a TCP/IP router you can pass packets of information in both directions— to the Internet from the intranet, and from the Internet into your intranet.

Cc750386.xig_a01(en-us,TechNet.10).gif

Figure 2.1: Windows NT–based computer connected to two networks

For more information about TCP/IP and the routing capabilities in Windows NT Server, see the Windows NT Server Networking Supplement, the Windows NT Server Networking Guide, and Chapter 3 in this book, "Server Security on the Internet."

IP Addresses and Domain Names

Each computer on the Internet has a unique address (the IP address). An IP address is in the form of four period-delimited octets consisting of up to 12 numerals—such as 172.16.16.189. Information is transmitted on the Internet in data packets. Each packet is addressed to a specific computer's IP address.

Because IP addresses are difficult to remember, the Domain Name System (DNS) was created for the Internet to pair a specific IP address, such as 172.16.16.189, with a "friendly" domain name, such as microsoft.com. When you use a domain name in an Internet browser, the browser first must contact a DNS server to resolve the domain name to an IP address, then contact the computer with that address.

This has two implications for your server running Internet Information Server (IIS server):

  • You must have a permanent IP address assigned to a server on the Internet.

  • You must register a domain name in the Domain Name System for your permanent IP address.

To establish a World Wide Web (WWW) server, you need a permanent IP address. To connect a TCP/IP network to the Internet, you need a valid IP address for each computer or device you want to be accessible from the Internet.

You must use a domain name if you want Internet users to be able to reach your Internet server or servers by the friendly domain name, such as microsoft.com. Both a registered domain name and an IP address are required for your Internet service to be seen and used by others on the Internet.

Most Internet service providers assign your IP addresses and can also register your domain names. Contact the Internet Network Information Center (InterNIC) or your ISP for more information about DNS registration.

To contact the InterNIC to register domain names and obtain IP addresses, connect to the Internet address https://internic.net.

If you must apply for your own domain name or IP addresses, you must have a good understanding of DNS and of TCP/IP networking. For more information about DNS and TCP/IP networking, see the Windows NT Server Networking Supplement and Windows NT Server Networking Guide.

Internet Service and Providers

You establish a connection to the Internet by leasing a line from an Internet service provider (ISP) or a telephone company. Your provider installs a cable at your site that is plugged into the network interface card (NIC) in your computer. Usually, a router is also installed between your computer and the ISP.

The services available on the Internet vary widely. The basic services required by Internet clients and servers are:

  • An Internet gateway (default gateway).

  • IP addresses and subnet mask.

An Internet service provider must provide the required services and often provides optional Internet services, such as DNS name resolution, domain name registration, electronic mail, and Internet news.

It is important to note that not all ISPs are alike; you need to find out their capabilities. Some questions to ask an ISP can include:

  • How are you connected to the Internet (backbone)? (For example, a T1, multiple T1s, or a T3 connection.)

  • What type of dedicated access do you offer? (For example, Frame Relay or shared T1.) Do you guarantee a minimum bandwidth?

  • Do you offer dial-up access to allow connections through telephone modems?

  • Do you offer Integrated Services Digital Network (ISDN) access?

  • What type of security do you offer?

  • What are your installation costs for each type of connection?

  • What are your monthly costs for each type of connection?

Internet service providers are local, regional, or national providers. Local ISPs are connected to the Internet through larger ISPs or through a regional network. Local ISPs usually have only one location. The larger regional and national ISPs have multiple locations. If your site has enough traffic to require a high-speed T3 line (45 megabits per second) to your ISP, consider connecting directly to a regional network.

Regional networks are sites selected by the National Science Foundation (NSF) to provide a common connection point to the Internet. Regional networks connect to other regional networks at 155 megabits per second through a backbone carrier—such as US Sprint, MCI MAIL, or AT&T.

Companies that require a large bandwidth for their Internet sites can connect directly to a regional network. Requirements vary by regional network provider, but usually a T3 line is the minimum bandwidth of a connection. For more details, contact the vendor who operates your local regional network.

The Microsoft Network (MSN™) is an Internet service provider. You can find other Internet service providers listed in your local phone book (usually under "computer network services"). Internet service providers also frequently advertise in local newspapers or computer magazines.

How to Choose the Right Internet Connection

You connect to the Internet through a network adapter card or other network device, such as a modem or ISDN card. Internet bandwidth is measured in bits per second (bps).

Your Internet bandwidth determines how fast data gets to your computer and also how many requests can be serviced simultaneously. As more computers get data through your Internet connection simultaneously, delays or failures can occur if you do not have enough bandwidth.

When you lease an Internet connection, your ISP installs a network cable to your site. Leased connection speeds range from 56,000 bps (or 56 kilobytes per second) with Frame Relay to 45,000,000 bps (or 45 megabytes per second) with a T3 connection. A dial-up ISDN line can offer speeds up to 128,000 bps (or 128 kilobytes per second).

The connection types described in Table 2.2 represent typical levels of service for full Internet connections in North America and Japan. The Internet services offered through Internet service providers in your country/region might differ significantly.

Table 2.2 Common Internet Service Connection Types

Connection type

Maximum bandwidth

Approximate number of users supported

Dedicated PPP/SLIP

Modem speed

2-3

56K (Frame Relay)

56,000 bps

10-20

ISDN (using PPP)

128,000 bps

10-50

T1

1,540,000 bps

100-500

Fractional T1

Varies as needed

Varies as needed

T3

45,000,000 bps

5,000+

To understand these speeds in practical terms, assume a page of text is 42,240 bits. (One character is 8 bits. Therefore, 8 bits x 80 characters in a line x 66 lines per page = 42,240 bits per page.) A 28.8 Kbps modem can transfer .67 pages per second. A 128,000 bps ISDN line can transfer three pages per second. A 1,500,000 bps T1 line can transfer 35.5 pages per second.

For example, a light-duty server can use a 56 Kbps link or ISDN. A server with medium traffic might have a T1 line or some fraction of a T1 line installed. Large businesses that expect heavy Internet traffic might need fractional or multiple T1 lines or even T3 service in order to handle thousands of users.

Modem connections to the Internet are available, but are typically used for individual client browsing and are not recommended for servers. A connection to the Internet that uses a phone line and modem can service only two or three users simultaneously. (Modem connections might be used for text-only Internet servers with only a small number of potential users.) Modem connections are often called "slow links" because data is transmitted at the speed of the modem, typically from 9600 to 28,800 bps. This is far too slow for efficient operation of a World Wide Web server, for example.

Selecting Hardware and Software to Run Internet Information Server

Many variables influence hardware and software selection. The guidelines and case studies in this section are presented to help you determine the best choices for your situation.

Internet Information Server Hardware Guidelines

The type of processor and the amount of RAM you choose for your system can affect the performance of your server. For example, in laboratory conditions an 80486DX/50 computer with 52 MB of RAM running Microsoft Windows NT Server and Internet Information Server can handle more than 100 simultaneous users or sessions.

The number of simultaneous users your server can handle varies according to the type of session that is open and other factors. A server is able to accommodate more users when they are running sessions that are not processor-intensive, such as electronic mail (e-mail), Telnet, and FTP. Sessions that are processor-intensive include those that run Common Gateway Interface (CGI) scripts, make database queries, and download Hypertext Markup Language (HTML) files.

Table 2.3 lists the minimum and recommended hardware needed to run Microsoft Windows NT Server 4.0 and Internet Information Server.

Table 2.3 Hardware Requirements and Recommendations

Hardware requirement

Minimum

Recommended

Processor

50 MHz 486

90 MHz Pentium®

RAM

16 MB

32 to 64 MB

Free hard disk space

50

200

Monitor

VGA

Super VGA

CD-ROM drive

3X

6X

RAM

The amount of RAM needed by your server is dependent on a number of factors, including:

  • The number of simultaneous users.

  • The number of Hypertext Transfer Protocol (HTTP) users (high memory use) versus Gopher and FTP users (lower memory use).

  • The amount of RAM used for cache.

  • The size of swap file.

  • The amount of free disk space.

  • The amount of RAM used for video.

  • The number of services running.

  • The type of processor.

  • The SQL database searches.

Taking into consideration all of these variables, a general guideline is to allow about 256K of RAM per simultaneous user.

www.microsoft.com

The Web site for Microsoft, www.microsoft.com, handles three million requests a day. In a 24-hour time period, this averages more than 2,000 hits per minute.

The www.microsoft.com Web site consists of two computers running Internet Information Server on Microsoft Windows NT Server. Each computer has multiple 66-MHz Intel Pentium processors, 8 GB of usable hard disk space, and 128 MB of RAM. One computer uses four Pentium processors and the other uses two.

Internet Information Server Software Requirements

Internet Information Server runs on Windows NT Server 4.0. You should install the latest service pack. Windows NT 4.0 service packs are available through The Microsoft Network (MSN), CompuServe, and on the Internet at https://www.microsoft.com.

Table 2.4 shows a typical software configuration for your Internet server.

Table 2.4 Software Requirements and Recommendations

Software

Description

Operating system

Windows NT Server 4.0 or later, with the latest service pack

Server software

Internet Information Server (included with Windows NT Server 4.0)

HTML creation

Microsoft Word for Windows® 95 and Microsoft Internet Assistant for Word

Internet Networking Scenarios

This section describes Internet and intranet scenarios that use Windows NT Server. The components used on the Internet or to connect to the Internet are identified and explained. The components are applied to Internet scenarios. And finally, an intranet is defined and scenarios for connecting your intranet to the Internet are illustrated.

Networking Software for the Internet

Windows NT Server provides all the networking software necessary to connect an information server or network to the Internet. The Windows NT software used is defined in Table 2.5.

Table 2.5 Networking Software Used for Connecting to the Internet

Windows NT software component

Function

Infrastructure

 

TCP/IP protocol

Is required to communicate with other computers on the Internet.

DHCP server

Dynamically assigns TCP/IP configuration to computers on a network.

WINS server

Provides name resolution for NetBIOS names.

DNS server

Provides name resolution for Domain Name System names.

HOSTS file

Provides name resolution for DNS names.

LMHOSTS file

Provides name resolution for NetBIOS names.

Connectivity

 

Remote Access Service

Enables incoming connections from remote clients that are using Dial-Up Networking or other PPP or Serial Line Internet Protocol (SLIP) dial-up software.

Dial-Up Networking

Provides low-speed connections to the Internet. Primarily used by clients connecting to a Remote Access Service server or Internet service provider.

RIP (routing information protocol) for Internet Protocol

Provides routing for high-speed connections to the Internet (or other networks). Primarily used on small to medium-size networks.

Publishing

 

Internet Information Server

Enables file and application sharing by using the HTTP, FTP, and Gopher protocols. Requires a computer running Windows NT Server.

Peer Web Services

Enables file and application sharing by using the HTTP, FTP, and Gopher protocols. Requires a computer running Windows NT Workstation.

Internet Explorer

Enables access to shared files and applications by using Internet protocols.

To complement these primary tools, you can also use tools in the Windows NT Resource Kit (see Chapter 7, "Internet Tools"), public domain programs available on the Internet, or commercial products that include more features and technical support.

You also need a connection to the Internet. Depending on your needs, the connection can be a 28.8 Kbps modem and dial-in Point-to-Point Protocol (PPP) account, or a dedicated high-volume line supplied by an Internet service provider for an Internet server or providing an Internet gateway for an intranet.

For information about

See

The physical connection to the Internet

"Establishing an Internet Connection," earlier in this chapter

The Internet tools in this Resource Kit

Chapter 7, "Internet Tools"

Using Windows NT Server on the Internet

This section explains typical Internet scenarios with Windows NT Server .

Internet Client

The simplest way to connect to the Internet is as a client. As a client you use Internet Explorer or other tools to search for information.

This configuration allows outbound traffic to the Internet only, as illustrated in Figure 2.2. (For more information about client connections to the Internet, see the Windows NT WorkstationResource Guide, Chapter 35, "Using Windows NT Workstation on the Internet.")

Cc750386.xig_a02(en-us,TechNet.10).gif

Figure 2.2: Windows NT as Internet client

In this scenario, the computer running Windows NT Server (or Windows NT Workstation) uses Dial-Up Networking and a modem to connect to an Internet service provider. After successful connection to the Internet service provider, the user can start and use any TCP/IP–based applications, such as Internet Explorer or the command-prompt FTP client.

For this type of scenario, you need to install and configure the following hardware or services:

  • Internet client tools, such as Internet Explorer, FTP, or Telnet

  • TCP/IP networking protocol

  • Dial-Up Networking

  • A modem

  • PPP or SLIP dial-in account to an Internet service provider

Internet Web Server

Expanding the preceding configuration, you can create two-way communication with the Internet as illustrated in Figure 2.3.

Cc750386.xig_a03(en-us,TechNet.10).gif

Figure 2.3: Windows NT Internet Information Server and client

In this scenario, the computer running Windows NT Server has a leased line to an Internet service provider. You install Internet Information Server and make information available to remote users on the Internet. In addition, the computer running Windows NT Server can use any TCP/IP–based applications, such as Internet Explorer or the command-prompt FTP client.

For this scenario, you need to install and configure the following hardware or services:

  • Internet Information Server

  • TCP/IP networking protocol

  • Network interface card

  • Leased line to an Internet service provider

  • Domain name registration, as described in the section, "Establishing an Internet Connection"

For more information about Internet servers, see Chapter 4, "Desktop Scenarios," and Chapter 5, "Enterprise Scenarios."

Note: Security becomes an important issue when you are connected to the Internet. This section describes only basic Internet scenarios. Many options that are not mentioned in this chapter exist to protect your computer or intranet from external intruders. For more information on security, see Chapter 3, "Server Security on the Internet."

Using Windows NT Server on an Intranet

An intranet is a private local area network that uses Internet technology. The functions on an intranet are identical to the functions on the Internet. You can install Internet Information Server on any computer on your intranet that runs Windows NT Server, and it can be accessed by Internet Explorer or any other client that supports the HTTP, FTP, and Gopher protocols.

To operate on an intranet, you need to provide a networkwide name resolution system by using WINS servers, DNS servers, or a HOSTS or LMHOSTS file. (For more information about using HOSTS and LMHOSTS for name resolution in an Internet scenario, see Chapter 5, "Enterprise Scenarios." For more information on using HOST and LMHOSTS in general, see the Windows NT Server Networking Supplement.)

Heterogeneous clients can use all the resources on your network, such as Internet Information Server, databases, DHCP servers, and WINS servers, as shown in Figure 2.4.

Cc750386.xig_a04(en-us,TechNet.10).gif

Figure 2.4: Typical intranet components

In this scenario, you install Internet Information Server and make information available to local users on the network.

For any intranet scenario, you need to install and configure the following hardware or services:

  • A computer running Internet Information Server

  • TCP/IP networking protocol on every computer that will use the IIS server

  • Network interface cards on all computers

  • An Internet browser, such as Internet Explorer, on every computer that will access the IIS server

  • Domain name resolution, as described in the section, "Establishing an Internet Connection"

Connecting Your Intranet to the Internet

You can configure your network to allow intranet clients to be able to access the Internet. You create two-way communication with the Internet by configuring Windows NT and configuring RIP for Internet Protocol routing as shown in Figure 2.5.

Cc750386.xig_a05(en-us,TechNet.10).gif

Figure 2.5: Intranet access to the Internet by using Windows NT

In this scenario, the computer running Windows NT Server has a leased line to an Internet service provider. The RIP for Internet Protocol service is installed. An Internet service provider router uses the routing information protocol (RIP) to communicate with the computer running Windows NT Server RIP for Internet Protocol service. By using RIP, the Internet service provider's router learns the IP address of all computers on the private network. This enables traffic from the Internet to be routed to computers on the private network, and traffic from private network computers to be routed to the Internet.

For this scenario, you need to install and configure the following hardware or services:

  • A computer running the RIP for Internet Protocol service

  • TCP/IP networking protocol on every computer that will use the Internet

  • Network interface cards on all computers

  • An Internet browser, such as Internet Explorer, on every computer that will access the Internet

  • Internet-wide domain name resolution, as described in the section, "Establishing an Internet Connection"

For more information about the RIP for Internet Protocol service (part of Windows NT Server multiprotocol routing functionality), see the Windows NT Server Networking Supplement and Windows NT Server Networking Guide.

Connecting Intranet Clients to the Internet with Remote Access Service

The Windows NT Server Remote Access Service (RAS) can be added to the above configuration to provide remote clients with an Internet gateway. This type of configuration expands your intranet configuration as illustrated in Figure 2.6.

Cc750386.xig_a06(en-us,TechNet.10).gif

Figure 2.6: Remote client Internet gateway

In this scenario, the computer running Windows NT Server has a leased line to an Internet service provider. The RIP for Internet Protocol service and Remote Access Service are installed on this server. An Internet service provider router uses the routing information protocol to communicate with the computer running Windows NT Server RIP for Internet Protocol service. By using RIP, the Internet service provider's router learns the IP address of all computers on the private network. This enables traffic from the Internet to be routed to computers on the private network, and traffic from private network computers to be routed to the Internet.

By using the Remote Access Service, Windows Dial-Up Networking clients or other dial-up clients can connect to the RAS server and the local network. Because the RIP for Internet Protocol service is also on the network and routes packets to and from the Internet, remote clients also have access to the Internet. Thus, local network clients and remote RAS clients can use the local network and the Internet.

For this scenario, you need to install and configure the following hardware or services:

  • A computer running the RIP for Internet Protocol service and the Remote Access Service

  • TCP/IP networking protocol on every computer that will use the Internet

  • A multiport adapter, which allows multiple remote clients to dial in to the computer running RAS

  • Network interface cards on all computers

  • An Internet browser, such as Internet Explorer, on every computer that will access the Internet

  • Dial-Up Networking on remote clients that will dial in to the RAS server

  • Internet-wide domain name resolution, as described in the section, "Establishing an Internet Connection"

For more information about the RIP for Internet Protocol service and the Remote Access Service, see the Windows NT Server Networking Supplement and Windows NT Server Networking Guide.

On a small intranet (that is, an intranet with less than 20 computers), the RAS server can use Dial-Up Networking, simple TCP/IP routing, and a PPP connection to its Internet service provider in place of a leased line and the RIP for Internet Protocol service. In this configuration you can connect both intranet clients and remote Dial-Up Networking clients to the Internet, as shown in Figure 2.7.

Cc750386.xig_a07(en-us,TechNet.10).gif

Figure 2.7: Internet gateway for a small intranet with remote clients

In this scenario, the computer running Windows NT Server has a Dial-Up Networking connection to an Internet service provider. Simple TCP/IP routing is enabled, and a static routing table is created for the computers on the private network. You must also provide routing information to the Internet service provider because simple TCP/IP routing does not use the routing information protocol to communicate with the Internet service provider's router. The routing information you supply enables the routing of Internet traffic to and from the computers on the private network.

The Remote Access Service, installed on the server, accepts incoming calls from remote clients that use Dial-Up Networking or other dial-up client software. The Remote Access Service enables Windows Dial-Up Networking clients or other dial-up clients to connect to the RAS server and the local network. This configuration can also support a light-duty IIS server.

For this scenario, you need to install and configure the following hardware or services:

  • A computer running simple TCP/IP routing and a static routing table

  • TCP/IP networking protocol on every computer that will use the Internet

  • The Remote Access Service

  • A multiport adapter, which allows multiple remote clients to dial in to the computer running Remote Access Service

  • Network interface cards on all computers

  • An Internet browser, such as Internet Explorer, on every computer that will access the Internet

  • Dial-Up Networking on remote clients that will dial in to the RAS server

  • Internet-wide domain name resolution, as described in the section, "Establishing an Internet Connection"

For more information about simple TCP/IP routing and the Remote Access Service, see the Windows NT Server Networking Supplement and Windows NT Server Networking Guide.

For more information about creating an Internet gateway, see Chapter 6, "Internet Connectivity Scenarios Using the Remote Access Service."