The BITS Compact Server with BITS Remote Management helps secure remote file transfers. BITS Remote Management uses BITS Windows Management Instrumentation (WMI) providers to let a system administrator or a controller application remotely create BITS jobs on the clients and publish files for hosting on the BITS Compact Server. BITS WMI providers can remotely transfer files from one remote computer to another remote computer by using the BITS client in conjunction with the BITS Compact Server. This feature is primarily designed to work with Microsoft System Center Virtual Machine Manager (VMM) as the controller application. However, any application that can use the BITS WMI provider can also serve as the controller application.

Important

All remote management activities must be run under an account in the Administrators group. Any requests from accounts that are not in the Administrators group will be denied access.

Architectural Overview

The following diagram shows how a controller application on a remote computer can securely manage files transfers on a client and on the BITS Compact Server. In this example, the controller application deploys a job on the server and a client through WS-Management. (WS-Management is the Microsoft implementation of Web Services-Management protocol.) The remote calls are received by the WS-Management (WSMAN) service on the server and client computers. The calls are passed to the WMI service that in turn invokes the BITS WMI provider to service the requests.

The controller application can use either WS-Management or WMI DCOM to deploy a job. In either case, configuration is needed on the remote computer to accept incoming requests. For information about how to connect to WMI on a remote computer see http://go.microsoft.com/fwlink/?linkid=122134. For information about configuration for Windows Remote Management see http://go.microsoft.com/fwlink/?linkid=122026.

To transfer a file, the controller application establishes connections with the WMI providers running on the client and on the server computers. It creates jobs to start the file transfer. A job on a server is defined as a URL hosted for a file residing on the server. A job is identified by the following:

  • URL Group: A URL group hosts a URL to service a file. This is a combination of the HTTP.SYS URL group and the request queue. For example, a URL group such as http://+:80/Carmine can be specified during the creation. The protocol to be used and the port on the host are also specified in the URL group. Be aware that two-level URL groups, such as http://+:80/Carmine1/Carmine2 are not supported.

  • Source file: The name of the file to be hosted on the server by the job.

  • URL suffix: a suffix which a client uses to uniquely identify the job

  • The URL that the client specifies to download a job consists of:

    • Protocol to be used: HTTP or HTTPS

    • Hostname: Name of the server

    • URL group: The namespace under which a job is hosted on the server

    • URL suffix: The suffix identifying the job created on the server

For more information about URL Prefix Strings, see http://go.microsoft.com/fwlink/?LinkId=143141.

The following sections describe how to create, monitor, and delete jobs.

Job Creation on the Server

  1. The controller application establishes a connection to root\Microsoft\Bits namespace on the BITS Server. The WMI Server Provider authenticates the remote token to check for administrative rights. The controller application sets the SSL certificates for the HTTPS port on which downloads will be serviced.

  2. The controller application requests that the WMI server provider create a URL Group on the server that will let URLs be hosted on the server. The authentication mechanism for the URL Group can be set at this point.

  3. The controller application requests that the WMI server provider create a URL that will allow a specific file residing on the server to be made available to client computer processes.

  4. The provider creates a URL Group by using COM interfaces on the server and registers a unique URL suffix in the URL Group. The SDDL and certificate authorization can be set for each unique URL.

  5. Any new jobs that are added to this URL Group will share the same URL Group and its settings. The host is now configured and listens for any requests from the client for the registered URL.

Job Creation on the Client

  1. The controller application establishes connection to root\Microsoft\Bits namespace on the client computer.

  2. The WMI client provider authenticates the remote token to check for administrative permissions. Be aware that typically WMI providers also impersonate the incoming client before providing any data. In this case, however, servicing the client happens in the context in which WMI is opened (Local System). This allows for otherwise blocked remote calls to be serviced by BITS.

  3. The controller application requests that the WMI client provider create a job that will let a specific file residing on the server to be downloaded to client computer by using the BITS service.

  4. The provider establishes a connection with the BITS service through the exposed COM interfaces.

  5. The provider impersonates the service account under which the controller application expects the BITS job to be running.

  6. The BITS job will be created for the requested URL on the server.

  7. The authentication certificate can be added to the job.

  8. Authentication credentials can be set for the job in non-trusted domain scenarios.

  9. The BITS job is resumed immediately after it is created and the file transfer starts.

Job Monitoring

  1. The controller application monitors the BITS job created through the status property made available by Client provider. If the job encounters a transient error, the controller application can fetch the error code, cancel the BITS job, and go to cleanup.

  2. If the file has been successfully transferred, the controller application can do cleanup.

Job Cleanup

  • Cleanup on the client occurs when the controller application moves the BITS job to a cleanup stage. If the job is in BG_JOB_STATE_TRANSFERRED state, the job can be moved to completed state. Otherwise the job can be canceled.

  • Cleanup on the server is performed by the controller application requesting the server provider to cancel the hosted URL. The URL registered with the group is deleted. The client can delete the URL Group as well, therefore deleting all the URLs served by that URL Group.

Additional resources

For detailed information about the BITS WMI call sequence and methods, see Background Intelligent Transfer Service at http://go.microsoft.com/fwlink/?LinkId=140888 and BITS Reference at http://go.microsoft.com/fwlink/?LinkId=140985.

For general information about using WMI see http://go.microsoft.com/fwlink/?linkid=136379.

See Also