IIS, ActiveState, SSL - Doing it yourself 2

[1DMF]

Hello guys,

it's a mixed bag this question but hopefully you can point me in the right direction and help me to understand the pitfalls and indeed if we have kit capable of doing it ourselves.

basically I'm fed up of the incompetent and apaulling service from our 3rd party webhost and am concidering doing it myself. We have a HP ML350 dual Zeon (2 x 3.06ghz)with 2 GB of DDR ram and 3 x 72 GB SCSI disks running Raid, level 5 striping.

The OS is windows SBS 2003 which has Exchange, IIS, ISA, SQL and of course is the PDC and ActiveDirectory (our hardware firewall provides DHCP).

We have a 4mb down and 0.75 upstream broadband connection.

inhouse we have 8 users and externally we have @ 100 members, and usually you'd be lucky if 20 of them were logged onto the website @ any one time!

How hard, how safe and do I have the kit to bring the PERL website inhouse, is installing and running PERL on windows IIS fairly simple and secure and would our set up handle the intended usage?

Any help with understanding if we have the hardware to run it and help with the migration is very much appreciated, we would also need an area running SSL, but do not own a thwaite SSL certificate and so would want to use the one supplied by the server as used by Outlook Web Access.

All help and advice is much appreciated.

Regards,

1DMF





"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you.

 

[NullTerminator]

1DMF,

The ActiveState perl install on IIS is very good. It will add a mapping for perlis.dll to you website.. The default extension mapping is .plx, with .pl going to perl.exe. Perl.exe having the expense of spawning a process for each request. The perlis.dll is an ISAPI extension and runs in process much like mod_perl. You may want to tweak the application mappings to map .pl to perlis.dll.

Make sure IIS is NOT running under the 'system' account. Create a domain WebSrvr account and lock it down. Block some of the known IIS vulnerabilities such as *.hta, *.htc, etc. (Disable the mappings of these extensions) Block web based administration. Google on IIS vulnerabilites. This list is far from complete.

The SSL layer is handled by IIS so that would have no effect on the perl portion.

My gut tells me your hardware is sufficient.

Jeb

 

[Rieekan]

I'd say your pipe may need to be upgraded to handle the bandwidth of external users. .75mb upstream isn't that much if your users are downloading files and such. And, if this connection is shared with the 8 people working there (them allowed to access the internet at large), then that takes more away from the pipe while they're at work.

Just things to think about,

- George

 

[1DMF]

Thanks guys, I thought this would be a can of worms opening our server up to security issues and our broadband not being man enough for the job, oh well it was a nice thought.

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you.