Assumptions
This document assumes that background infrastructure (Windows Servers, Active Directory, WSS, DNS, etc) is configured correctly and error-free. At a minimum Windows event logs, Support tools utilities (such as dcdiag and netdiag) now show critical errors. At a maximum - all services deployed according Microsoft guides, carefully documented, there are no errors and warnings exist at all.
WSS 3.0 is deployed according to "server farm" scenario in Active Directory environment.
Examples in this article are for SSL protected SharePoint sites, used standard port (443). However it may be tuned to be not SSL protected and to non-standard port (such as 8080 or something). However we recommend to use only SSL protected SharePoint sites for security.
General ideas
DNP Hosted SharePoint service creates host-named Site Collections on the top of SharePoint Web Application (we call it "Root Web Application"). The method allows you to host thousands of SharePoint sites on single server.
You create Root Web Application manually and then tune Hosted SharePoint service to use it. You can use more than one Root Web Application and Hosted SharePoint service - for example SSL and not SSL, or with wildcard certificate or without it. Something similar to Exchange Storage Groups / Databases and different Hosted Exchange services connected to it. However in most cases it is completely enough to have one SSL-protected Root Web Application.
Creating root web application.
On WSS front-end server you are going to manage with DNP open Administrative tools > SharePoint 3.0 Central Administration >
Non-default settings that you may choose (all those settings are not mandatory, you can choose another settings according to your vision).