DCOM Tunneling Through TCP/IP

A different way of accomplishing the same result is by tunneling DCOM through TCP/IP. This method marshals an initial connection from the client to the server through the HTTP protocol, which then sets up a direct connection between the DCOM proxy on the server and the DCOM proxy on the client. From that point on, all DCOM communications between these two computers take place through a single TCP/IP connection. This connection is often referred to as SSL tunneling and is part of Microsoft's COM Internet Services (CIS).

The attraction of this approach is that it requires nothing special from an application programming aspect. All you have to do is create a regular DCOM application with server-side objects and a client application. Tunneling DCOM through TCP/IP is purely a configuration matter.

Caution

DCOM tunneling requires special configuration consideration on firewalls that perform packet filtering. Most firewalls allow HTTP traffic through on port 80. Some firewalls actually examine the data that is passed through this port to make sure that it is HTTP traffic. This process is called packet filtering. After the initial connection is made, the rest of the communications between the client and the server do not use the HTTP protocol and thus are often rejected by packet-filtering firewalls. Therefore, if you need to tunnel DCOM through a packet-filtering firewall, you need to configure it to allow non-HTTP communications through on port 80.
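What a content-inspecting firewall sees on such a connection, as an added example (not code from the book or from Microsoft): the sketch labels each payload of a port-80 flow as HTTP or as a raw DCE/RPC PDU, the wire format DCOM uses, and flags flows that switch from one to the other. The sample flows are constructed, and the request line is a stand-in for the initial HTTP exchange, not the actual CIS handshake request.

```python
import re
import struct

# Shapes of an HTTP request line and status line (first bytes of a payload).
HTTP_REQ = re.compile(rb"^[A-Z_]{3,16} \S+ HTTP/1\.[01]\r\n")
HTTP_RESP = re.compile(rb"^HTTP/1\.[01] \d{3} ")

def looks_like_http(payload: bytes) -> bool:
    return bool(HTTP_REQ.match(payload) or HTTP_RESP.match(payload))

def parse_dcerpc_header(payload: bytes):
    """Return (ptype, frag_length) if payload starts with a 16-byte
    connection-oriented DCE/RPC PDU header, else None."""
    if len(payload) < 16:
        return None
    vers, minor, ptype = payload[0], payload[1], payload[2]
    if vers != 5 or minor not in (0, 1) or ptype > 19:
        return None
    # drep[0] high nibble gives integer byte order: 1 = little-endian.
    endian = "<" if (payload[4] & 0xF0) == 0x10 else ">"
    frag_len, _auth_len = struct.unpack_from(endian + "HH", payload, 8)
    return (ptype, frag_len) if frag_len >= 16 else None

def classify_flow(payloads):
    """Label every payload of one port-80 flow; tunneled is True when a
    DCE/RPC PDU appears at or after the first HTTP message."""
    labels = []
    for p in payloads:
        if looks_like_http(p):
            labels.append("http")
        elif parse_dcerpc_header(p):
            labels.append("dcerpc")
        else:
            labels.append("other")
    tunneled = "http" in labels and "dcerpc" in labels[labels.index("http"):]
    return labels, tunneled

# Constructed sample data, not captured traffic. The request line is a
# stand-in for the initial HTTP exchange, not the real CIS handshake.
BIND_PDU = struct.pack("<BBBB4sHHI", 5, 0, 11, 0x03,
                       b"\x10\x00\x00\x00", 72, 0, 1) + b"\x00" * 56
TUNNEL_FLOW = [b"POST /rpc/rpcproxy.dll HTTP/1.1\r\nHost: server.example\r\n\r\n",
               b"HTTP/1.1 200 OK\r\n\r\n", BIND_PDU]
WEB_FLOW = [b"GET /index.html HTTP/1.1\r\nHost: server.example\r\n\r\n",
            b"HTTP/1.1 200 OK\r\n\r\n<html></html>"]

if __name__ == "__main__":
    print(classify_flow(TUNNEL_FLOW), classify_flow(WEB_FLOW))
```

A flow flagged as tunneled is the traffic that the firewall exception described above lets through, so the same check can be used to confirm that such an exception is only matching flows to the intended CIS server.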


Client Configuration

Your ability to tunnel DCOM through TCP/IP is dependent on various updates to the Windows operating systems (including the COM Internet Services). The minimum configurations are listed in Table 9.2.

Table 9.2. Minimum Configurations for DCOM Tunneling
Operating System    Minimum Software Upgrade
Windows 95          DCOM95 1.2
Windows 98          DCOM98 1.3
NT 4                Service Pack 4
Windows 2000        None

Tip

The CISCNFG utility required to configure COM Internet Services may require a separate download from Microsoft.


After you install the OS software upgrades, you need to configure DCOM to enable tunneling through TCP/IP. If you have Windows 95 or Windows 98, you do so from a DOS shell, using the CISCNFG utility, as follows:

CISCNFG tcp_http

The available arguments for the CISCNFG utility are listed in Table 9.3.

Table 9.3. CISCNFG Arguments
Argument    Description
tcp         Configures DCOM to use the standard communication model
http        Configures DCOM to use HTTP-TCP/IP tunneling only
tcp_http    Configures DCOM to try to use the standard DCOM communication model and then try to use HTTP-TCP/IP tunneling

If you use NT 4 or Windows 2000, you need to use the DCOMCNFG utility instead. You run this utility either from a DOS prompt or by choosing Start|Run. After you start the DCOMCNFG utility, select the Default Protocols tab, as shown in Figure 9.6. On this tab, click the Add button, and select Tunneling TCP/IP from the combo box, as shown in Figure 9.7. Click OK twice and then reboot your system. After your system has rebooted, all DCOM communications from your system to a DCOM server will try each of the communications protocols listed in the DCOMCNFG utility in the order listed.

Figure 9.6. The DCOMCNFG utility showing the configured communication protocols.


Figure 9.7. Adding the Tunneling TCP/IP protocol to the DCOM configuration.


At this point, your system is configured to use DCOM tunneling as a client. All that remains for you to do on the client is to install the client applications and configure the DCOM stubs as with any other standard DCOM application.

Server Configuration for DCOM

The server configuration for tunneling DCOM is a little more involved than the client. First, the server side can run only with Internet Information Server (IIS) 4.0 or higher. If you're running it on NT 4, you need to install Service Pack 4. A second requirement is that you cannot run the server side of tunneling DCOM on the same machine as Microsoft's Proxy Server.

NT 4 Server Configuration

To configure the server, you first need to create a new directory under the Inetpub directory. This new directory should be named RPC. For instance, if your Inetpub directory is in the root directory of your C drive, the new directory would be C:\Inetpub\rpc.

Next, you need to copy the rpcproxy.dll from the Windows system directory to the new Inetpub\rpc directory.

You need to perform the next few steps of the configuration in the Internet Service Manager. To run the Internet Service Manager, from the Start menu, select Programs|Windows NT 4 Option Pack|Microsoft Internet Information Server|Internet Server Manager. In the left pane, expand the tree views as follows:

  • Console Root
  • IIS
  • <your machine name>
  • Default Web Site

Now you need to create a virtual root for the Inetpub\rpc directory. To do so, select the Default Web Site node in the tree view, right-click, select New from the context menu that appears, and then select Virtual Directory from the cascading menu, as shown in Figure 9.8. Next, fill in the Virtual Directory Wizard using the information listed in Table 9.4.

Table 9.4. Virtual Directory Values
Wizard Screen                                   Value to Provide
Alias to be used to access virtual directory    RPC
Physical path                                   C:\Inetpub\rpc (the actual path for your Inetpub\rpc directory)
Permissions                                     Allow Execute Access (Unselect all others)

Figure 9.8. Adding a new virtual directory.


After you add the virtual directory, you need to change the connection timeout value for the default Web site. To do so, right-click over the Default Web Site node in the tree on the left side of the Internet Service Manager. From the context menu that appears, select Properties. Then select the Web Site tab in the Default Web Site Properties dialog, change the Connection Timeout value to 300 (5 minutes), and click OK to save this change and close the Default Web Site Properties dialog.

Finally, you need to install the RPCProxy ISAPI filter. To do so, move up one node on the tree on the left side of the Internet Service Manager, selecting the node with your computer name. Right-click and select Properties from the context menu that appears. On the Properties dialog, select the Internet Information Server tab, select WWW Service in the Master Properties combo box, and click the Edit button next to the combo box to open the WWW Service Master Properties dialog. On this dialog, select the ISAPI Filters tab, as shown in Figure 9.9, and click the Add button. In the Filter Properties dialog that appears, enter the information shown in Table 9.5. When you've finished, the dialog will look like the one shown in Figure 9.10.

Table 9.5. ISAPI Filter Properties
Property       Value to Provide
Filter Name    Rpcproxy
Executable     C:\Inetpub\rpc\rpcproxy.dll (the actual path for the rpcproxy.dll in your Inetpub\rpc directory)

After you save the RPCProxy filter information (by clicking OK three times to close the respective dialogs), you need to stop and restart the Internet Information Server for these changes to take effect. From here, you need to enable CIS on your server, which I'll get to shortly.

Figure 9.9. Adding a new ISAPI filter.


Figure 9.10. Specifying the new ISAPI filter's properties.


Windows 2000 Server Configuration

Configuring Windows 2000 to be a CIS server is a little easier than configuring NT 4. First, CIS is a part of the original shipping operating system, not an extension that was added after the OS originally shipped. This means that all the necessary CIS components are available as options from the Networking components on the installation CD-ROM, and you can use the Windows 2000 installation utilities to add and configure the service.

Adding the CIS services to a Windows 2000 server requires three simple steps. First, from the Control Panel, open the Add/Remove Programs utility. In the utility, click the Add/Remove Windows Components button.

When the Windows Components Wizard opens, select Networking Services and click the Details button. In the Networking Services dialog that appears, check the box beside COM Internet Services Proxy, as shown in Figure 9.11. Click OK a couple of times to add this service to your server (assuming that this networking option wasn't included in the initial installation of Windows 2000, in which case you'll find that the CIS Proxy option is already selected).

Figure 9.11. Adding COM Internet Services Proxy to your Windows 2000 Server.


Enabling CIS on the Server

After you have the RPCProxy installed on your server, you need to configure DCOM to use the tunneling TCP/IP protocol. This process requires two steps. The first step is adding the tunneling TCP/IP protocol using the DCOMCNFG utility, just as you added it to your NT 4 or Windows 2000 clients earlier in this chapter (refer to Figures 9.6 and 9.7). The second step, after you have rebooted your server, is to enable the COM Internet Services on your server. You do so by running the DCOMCNFG utility again and selecting the Default Properties tab. On this tab, check the Enable COM Internet Services on This Computer option, as shown in Figure 9.12.

Figure 9.12. Enabling COM Internet Services on your server.


At this point, you are finished configuring the client and server computers for tunneling DCOM, so all you have to do is install the appropriate components on the server, their DCOM stubs on the client, and the client application on the client computers. The remaining configuration falls to the network administrator, who must configure any proxy servers or firewalls that these communications pass through to allow non-HTTP traffic on port 80.

Tip

If you or your network administrator needs any additional information on how to configure any of the computers involved or on firewalls and proxy servers, you can refer to the white paper explaining how to do these tasks on Microsoft's Web site at msdn.Microsoft.com/library/backgrnd/html/CIS.htm.

