Lesson 1: Get an Internet identity
In this lesson, you’ll go through the steps necessary to host services that clients can access over the Internet. You need to establish an Internet identity, which links your organization name and computer address in several different ways.
To establish an Internet identity, you need:
a static, public facing IP address
a domain name for your organization (and a host name for the server)
a name service provider to link the names and addresses together
an SSL certificate to verify your network identity
an AppleID to identify yourself to Apple
Step 1: Get a static IP address
Your server needs an IP address that the public Internet can count on as the location of your services.
The base of the identity is the static IP address, four numbers separated by periods.
- Get the static IP address from your ISP, then manually enter it in your network’s gateway. This is typically your ISP’s router or AirPort Extreme Base Station.
A static IP address prevents many kinds of access problems. Some services won’t run reliably without a static address.
The IP address is used by the domain name system to establish a link between the human-readable domain name and the machine-readable IP address.
Step 2: Give your server a host name
Let’s review some Internet naming terms:
The host name is the name your server is known by on your local network. For example, you could name your server “myserver,” or whatever else would uniquely identify it on your network.
The fully-qualified domain name includes the host name and the complete domain name.
Even if you never access your server over the Internet, it needs to have a host name that uniquely identifies it on your internal network.
This host name is used by the clients on your local network, and becomes part of the public name of your server—the fully-qualified domain name.
- Choose a host name for your server.
This could be as simple or as elaborate as you want, but the process to change it once everything is set up can be error-prone. Make sure you’re happy with it before moving to the next steps.
Step 3: Get a domain name
You need a domain name and a host name. You can pick out your own host name, but you need to lease a domain name from a Domain Name Registrar.
- Lease a domain name from a Domain Name Registrar.
When you get your domain name, the Domain Name Registrar needs to know the DNS provider for your domain name (where the lookup directory for your domain name will be). This is usually your ISP; check with your ISP to get their name server addresses.
Let’s review some more Internet naming terms:
The Domain Name System (DNS) is the way the Internet links machine-readable static IP addresses to human-readable domain names.
Dynamic DNS is a way to use human-readable naming with IP addresses that change regularly and are periodically reassigned. If you didn’t get a public, static IP address, you’ll have to use Dynamic DNS rather than normal DNS.
The domain name is the name that designates the larger organization rather than an individual member. For example, Apple’s domain name is “apple.com.” Documentation about Internet services sometimes uses “example.com” as a domain name. Domain names are leased from a Domain Name Registrar (a company that keeps track of domain names and makes sure they’re unique).
The fully-qualified domain name includes the host name and the complete domain name. For example, “myserver.example.com” is a fully-qualified domain name.
A DNS provider keeps a record of the domain name and the fully-qualified domain name, and the static IP address they’re associated with.
Step 4: Set up DNS and reverse-DNS resolution
- Connect your IP address to your domain name by having DNS records made for your domain name and your IP address.
Your DNS provider needs to create at least three kinds of DNS records for your server, linking the domain name with the static IP address they provide you.
The first record is an “SOA record” (Source of Authority record) which records the definitive, authoritative source of DNS entries related to your domain. Most of the time, this record points to the ISP’s DNS servers.
The next record is an “A record,” which links your fully-qualified domain name to the IP address.
The last record is a reverse DNS entry that makes the same link as the A record, but in reverse. Make sure your DNS provider creates the reverse DNS entry.
If your ISP doesn’t manage your domain’s DNS entries to your satisfaction, the ISP can “delegate authority” to a DNS server that you operate. Having control of your own DNS server gives you increased flexibility in exchange for added responsibility and work.
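One way to confirm the Step 4 records once your DNS provider has created them, as an added example that is not part of the original tutorial: the function checks that the A record for the fully-qualified domain name returns your static IP address, and that the reverse entry for that address returns the same name. The names check_identity and ptr_name, the address 192.0.2.10 and the sample records are constructed for illustration, and IPv4 is assumed.

```python
import ipaddress
import socket

# Constructed sample records; 192.0.2.0/24 is reserved for documentation.
SAMPLE_A = {"myserver.example.com": ["192.0.2.10"]}
SAMPLE_PTR = {"192.0.2.10": ["myserver.example.com."]}

def ptr_name(ip):
    """Name under which the reverse DNS entry for an address is stored."""
    return ipaddress.ip_address(ip).reverse_pointer

def _norm(name):
    # DNS names are case-insensitive; a trailing dot only marks the root.
    return name.rstrip(".").lower()

def _system_reverse(ip):
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name] + aliases

def check_identity(fqdn, static_ip, forward=None, reverse=None):
    """Return a list of problems; empty means the A and reverse records agree.

    forward(fqdn) -> IPv4 strings, reverse(ip) -> names (system resolver by default).
    """
    forward = forward or (lambda n: socket.gethostbyname_ex(n)[2])
    reverse = reverse or _system_reverse
    want, problems = ipaddress.ip_address(static_ip), []
    try:
        addrs = [ipaddress.ip_address(a) for a in forward(fqdn)]
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        addrs = []
    if not addrs:
        problems.append(f"no A record for {fqdn}")
    elif want not in addrs:
        problems.append(f"A record for {fqdn} gives {addrs[0]}, not {want}")
    try:
        names = [_norm(n) for n in reverse(static_ip)]
    except OSError:
        names = []
    if not names:
        problems.append(f"no PTR record at {ptr_name(static_ip)}")
    elif _norm(fqdn) not in names:
        problems.append(f"PTR at {ptr_name(static_ip)} gives {names[0]}, not {_norm(fqdn)}")
    return problems

if __name__ == "__main__":
    fwd = lambda name: SAMPLE_A.get(name, [])
    rev = lambda ip: SAMPLE_PTR.get(ip, [])
    print(check_identity("myserver.example.com", "192.0.2.10", fwd, rev) or "A and PTR agree")
```

Called with only the name and address, it queries the system resolver instead of the sample records.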
Step 5: Get a signed SSL certificate
- Buy an SSL certificate from a Certificate Authority (CA).
See the Secure your Server tutorial for more information, if you don’t already have a certificate installed.
Certificate Authorities are trusted third parties that verify the identity behind SSL certificates. They make sure you are who you claim to be, and collect a fee to digitally “sign” your cryptographic keys. Any web browser that trusts your CA will automatically trust your web server.
Using SSL certificates from known, trusted, popular CAs makes securing your services easier for you and your users.
You can act as your own CA and sign your own keys, if you have control over all the computers that connect to your website.
Step 6: Get a company Apple ID
- Get an Apple ID that’s associated with your organization, rather than with an individual.
You use an Apple ID to enable push notification for services. Using a personal Apple ID isn’t recommended. For example, using an individual’s Apple ID may result in interruption of service if the individual leaves the organization or deletes their Apple ID account.
Important: You must have, or be ready to create, an Apple ID before you can turn on push notification service.
Congratulations!
Now your server can be correctly addressed and identified by clients over the Internet.