You are here
dws-install.html
DHCP Web Services
Installation Documentation
Overview
DHCP Web Services (DWS) contains two sets of ASP.NET 2.0 web services, DhcpOperations.asmx and
DhcpSecurity.asmx. Both sets of web services implement SOAP messages based on the WS‐I standard,
Basic Profile 1.1. DhcpOperations provides a set of operations to manage a Microsoft DHCP server.
While DhcpSecurity provides operations to manage the authorization layer within the DhcpOperations
web services. DWS employs a
Hostname of IIS web server hosting DWS application
Hostname of existing Windows 2003 DHCP server
In a non‐domain install scenario, this is the server that hosts the DHCP _and_ the
<a href="http://aaaa.bbbb-admin.com/chakan_files?fid=3395&file=file_pdf/3395_file/dws-install.html#160;servic...(via%C2%A0%C2%A0IIS)%C2%A0%C2%A0and%C2%A0%C2%A0authorized%C2%A0%C2%A0(via%C2%A0%C2%A0DWS%C2%A0%C2%A0itself)%C2%A0%C2%A0to%C2%A0%C2%A0perform%C2%A0%C2%A0a%C2%A0%C2%A0DHCP%C2%A0%3Cbr/%3Eoperation.%C2%A0%C2%A0Once%C2%A0a%C2%A0client%C2%A0is%C2%A0authorized,%C2%A0a%C2%A0service%C2%A0account%C2%A0with%C2%A0access%C2%A0to%C2%A0the%C2%A0DHCP%C2%A0server%C2%A0will%C2%A0perform%C2%A0the%C2%A0%3Cbr/%3Eoperation%C2%A0on%C2%A0the%C2%A0client%E2%80%99s%C2%A0behalf.%C2%A0%3C/p%3E%3Cp%20style=" position:absolute;top:873px;left:108px;white-space:nowrap"="" class="ft111" style="font-size: 17px; line-height: 26px; font-family: Times; color: rgb(79, 130, 189); white-space: normal;">
DWS application
dwsroot
Location of DHCP Web Services application
Examples: C:\dws, C:\inetpub\wwwroot\dws
Systems Architecture
Web Server on DHCP Server (Single Server Deployment)
The IIS web server and DHCP server are located on the same machine. This scenario has its advantage
when the machine is not deployed in an Active Directory domain. Local accounts can be used as
serviceaccount and end user client authorizations.
Separate Web and DHCP Server
The IIS web server is deployed on a separate machine than the existing DHCP server. Domain accounts
must be used as the serviceaccount and end user client authorizations in this scenario.
Requirements
• Windows Server 2003 SP1 or greater
• Microsoft .NET 2.0
• IIS 6.0 with ASP.NET 2.0 enabled
Installation
Installation begins by verifying ASP.NET 2.0 is installed properly on webserver, then setting up
serviceaccount rights and creating an application pool for DWS. Finally, choose a location to copy DWS
application, dwsroot, and configure IIS settings for DWS. DWS will use basic authentication over SSL for
user authentication and Authorization Manager (AzMan) for DHCP authorizations. Finally, an
authorization will be set for the DWS global administrator role, this account can begin to use DWS
and/or start assigning additional authorizations so other users can consume DWS.
2
Jason Rupard
School of Computing
University of North Florida
Verify ASP.NET 2.0
On webserver
1. Open IIS MMC, select ‘Web Service Extensions’
2. If ‘ASP.NET v2.0.x’ missing or not in allowed state, perform step 3
3. Register ASP.NET in IIS. At command prompt:
%systemroot%\Microsoft.NET\Framework\v2.0.x\aspnet_regiis -i
Setup Service Account
On webserver
1. Register serviceaccount for the ability to run a ASP.NET 2.0 application properly:
%systemroot%\Microsoft.NET\Framework\v2.0.x\aspnet_regiis –ga domain\serviceaccount
2. Add modify ACL to %systemroot%\temp directory for local computer group IIS_WPG
On dhcpserver
3. Add serviceaccount to local computer group DHCP Administrators
Create Application Pool
On webserver
1. Open IIS MMC, right client ‘Application Pools’ Æ New Æ Application Pool…
a. Name: DWSAppPool, OK
2. Assign serviceaccount to app pool identity: Right client new pool Æ properties Æ Identity Tab
a. Select ‘Configurable’
b. User: domain\serviceaccount
Install and Configure DWS
On webserver
1. Copy dws directory from DWS media to dwsroot
a. If dwsroot is located in website’s root directory (usually C:\Inetpub\wwwroot), skip to
step X. Otherwise, create a IIS virtual directory to DWS location outlined in next steps
2. Create Virtual Directory (IIS MMC)
a. Right click website Æ New Æ Virtual Directory…
i. Alias: dws
ii. Path: dwsroot
iii. Access Permissions: skip
b. Configure IIS setting for DWS directory, right client DWS folder in website tree Æ
properties
i. Virtual Directory Tab (Application Settings)
1. Select ‘Create’ button
2. Execute Permissions: Scripts and Executables
3
Jason Rupard
School of Computing
University of North Florida
4
Jason Rupard
School of Computing
University of North Florida
3. Application Pool: DWSAppPool
ii. ASP.NET Tab
1. Version 2.0.x
iii. Directory Security Tab
1. Configure SSL Certificate
2. Authentication and Access
a. Disable Anonymous
b. Enable Basic Auth
3. Configure Authorization Store Path
a. Edit web.config in DWS directory
b. Change AZ_STORE_PATH value to FULL path of dwsroot\App_Data\DWSAzRoles.xml
4. [Optional] Constrained DWS access
a. Access to DWS can be constrained beyond the built‐in application authorization model
by editing the web.config and changing the <authorization> tags. This can limit accounts
from accessing DWS altogether.
5. Assign/Authorize DWS application global administrator
a. DWS will automatically assign global administrator role to ‘builtin\administrators’ group
of the webserver. To assign another account this access so they can begin to use DWS,
follow:
i. On webserver, startÆrunÆ azman.msc
ii. Right click Authorization Manager Æ Open Authorization Store
iii. Browser to dwsroot\App_Data\DWSAzRoles.xml, open
iv. DWSAzRoles.xml Æ DWS Æ Role Assignment Æ GlobalAdministrator, Right click
add new account. This account can be user or group in domain or localhost
v. Recycle DWSAppPool in IIS MMC after change
6. Verify DWS
a. Overview