Configuring IIS To Host an FTP Site (Part 1)

If you would like to read the other parts in this article series please go to:

Introduction

It is easy to think of IIS as just being an application for hosting Websites, but IIS can also be configured to act as an FTP server that allows users to upload and / or download files. An IIS FTP site can be bound to a Web site or it can be a standalone site. In either case, IIS offers you a great deal of flexibility in setting up an FTP site. In this article series, I will show you how to install the necessary services, and how to provision your IIS server. I will also show you some variations of these techniques that you can use to adapt your FTP site to specific types of situations.

Why Use FTP?

FTP (File Transfer Protocol) is far from being the only game in town when it comes to file transfers, so you may be wondering why I am bothering to write about FTP as opposed to some other type of file transfer mechanism. After all, the FTP protocol has been around since 1971, and is a bit dated to say the least.

I am not going to try to tell you that FTP is the be all – end all when it comes to file transfer protocols. There are certainly file transfer methods that are more efficient. Even so, there are a couple of different reasons why I chose to write about FTP. For starters, FTP is universal. Everybody knows what FTP is, and it works on pretty much every operating system.

FTP completely masks the complexities of interacting with various operating systems and file systems. It doesn’t matter if a user is using Linux, Windows 95, Windows Vista, or something really obscure. As long as their operating system is FTP aware, they can transfer files to or from an IIS server that is running on Windows Server 2008.

The other reason why I wanted to write about FTP is because the FTP services are included with IIS. You do not have to develop or purchase any additional software. Simply install the necessary components, adjust a few configuration settings, and you are in business.

Installing an FTP Server

Windows Server 2008 gives you two different options for installing an FTP Server. One option is that you can install the FTP server through the GUI. The other option is to configure the server to operate as a server core installation. As you might have heard, server core deployments are entirely command line driven, but are arguably more secure than their GUI counterparts because fewer Windows components are installed. In the interest of reducing complexity, I am going to focus my discussion on performing a traditional, GUI based installation.

With that said, begin the process by opening the Server Manager and scrolling through the pane on the right to the Roles Summary section. Next, click the Add Roles link that’s located within this section. When you do, Windows will launch the Add Roles Wizard.

Click next to bypass the wizard’s Welcome screen, and you will be taken to the Select Server Roles screen. Select the check box corresponding to the Web Server (IIS) role, and click Next. You will now be taken to the wizard’s Select Role Services screen. This screen lists the various IIS related components that you can install. Since many of the services required by an FTP server are selected by default, go ahead and click Next to accept the default values. You will now be taken to a confirmation screen that lists the choices that you have made. Take a moment to review the components that will be installed, and then click the Install button. When the installation process completes, verify that the installation was successful, and then click the Close button.

Now, open the Server Manager and navigate through the console tree to Server Manager | Roles | Web Server (IIS). Upon selecting the Web Server (IIS) container, scroll through the pane on the right until you locate the Role Services section. As you examine the entries in this section, you will notice that the FTP Publishing Service and its subcomponents are not installed.

You can install these components by clicking the Add Role Service link. Upon doing so, Windows will open a dialog box that prompts you to select the role services that you want to install. Select the check box corresponding to the FTP Publishing Service. Upon doing so, the underlying FTP Server service and the FTP Management Console check boxes will also be selected. Leave these items selected.

Click Next, and Windows will display a summary screen that shows you which role services that you are about to install. Assuming that your choices appear to be correct, go ahead and click the Install button. Windows will now install the selected role services. When the installation process completes, take a moment to verify that the installation was successful, and then click the Close button. I also recommend going back to the Server Manager and taking another look at the Role Services for the Web Server (IIS) role. You should be able to verify that the FTP Publishing Service, the FTP Server, and the FTP Management Console are all installed.

Securing Your FTP Server

Now that the necessary role services are installed, it is probably a good idea to secure your FTP server. One of the primary techniques used to secure an FTP session is to encrypt the session using SSL. Keep in mind that SSL encryption is not mandatory though. In some cases uploading or downloading unencrypted files is not a big deal. For example, I downloaded a new Microsoft Word template from one of my publishers via FTP last week. The transmission wasn’t encrypted, but it really did not matter because it was just a document template. In any case, it is a good idea to at least give your users the option of encrypting the session if they want to.

SSL encryption is based on the use of digital certificates. The certificate is not just used as the basis for encryption, it also serves as a mechanism to positively identify your server. There are actually three different options available to you in regard to using a certificate. You can purchase a certificate from a commercial certificate authority, you can generate your own certificate from a Windows Server that is configured to act as an Enterprise Certificate Authority, or you can configure your FTP server to generate a self signed certificate.

When you are trying to decide which method to use, remember that the client computer has to trust the certificate that the server is using. Windows clients automatically trust certificates from the major commercial certificate providers. They will usually also automatically trust an Enterprise Certificate Authority, so long as the client machine is a domain member. A client will never automatically trust a self signed certificate.

Conclusion

As you can see, certificate trust is a major issue when it comes to providing SSL encryption. In Part 2, I will continue the discussion by showing you how to configure a client to trust an otherwise untrusted certificate. I will also show you how to enable SSL encryption for your FTP server.

 If you would like to read the other parts in this article series please go to:

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top