virtual techdays INDIA │ august 2010 IIS 7/7.5 Tips & Tricks Jaskirat Singh │ Technical Lead [IIS|Asp.Net team], Microsoft
Session Agenda
- IIS 7/7.5 architecture changes
- IIS 6 architecture flashback
- IIS 7 features / modular approach
- Tips & Tricks
  - Enabling SSL on IIS 7.0 using self-signed certificates
  - Kernel-mode SSL and authentication
  - FTP over SSL
  - New management API / APPCMD tool demo
  - Running 32-bit and 64-bit worker processes side by side on the same server
IIS 7/7.5 Tips & Tricks (continued)
- App pool identity feature
- Server Core: no user interface
- IIS remote management / feature delegation
  - Allow non-admins to manage IIS remotely
- App warm-up module for cold start
  - Can be used to avoid initial start-up time
- Troubleshooting using FREB
IIS 6 Quick Flashback
IIS 6.0 features:
- Worker process isolation mode
- Health monitoring
  - Worker process recycling
  - Rapid-fail protection
- XML-based metabase
- Manage using WMI and ADSI
- Tight security by default (lockdown)
- Enhanced logging mechanism
  - HTTP.sys logging
- Performance and scalability
  - Web gardens, processor affinity, idle timeout, CPU monitoring
- Troubleshooting using ETW
IIS 6.0 Architecture
IIS 7.0/7.5 Architecture
- IIS 7 -> Windows Server 2008 / Windows Vista
- IIS 7.5 -> Windows Server 2008 R2 / Windows 7
IIS 7.0 leverages the reliability and security-focused architecture of IIS 6.0
- Modular Web server
  - 40 different components
  - Individual installation of each component
  - Role-specific Web server deployment
- Extensible architecture
- ASP.NET integration
  - Forms authentication and URL authorization for static files (.htm, .css etc.) and .asp pages
  - Eliminates duplication of features
  - Common IIS and ASP.NET configuration file
- Enhancement in hosting FastCGI applications such as PHP
- Distributed configuration system
- Enhanced diagnostics and troubleshooting using Failed Request Tracing [FREB]
IIS 7.0/7.5 Architecture
IIS 7: Using the Self-Signed Certificate Feature
- With IIS 6, it was difficult to generate a certificate even for testing purposes. Earlier, we had to submit a certificate request to a local CA to obtain one.
- IIS 7.0 makes it radically easier to configure and enable SSL.
- IIS 7.0 also has built-in support for creating "Self-Signed Certificates", which let you easily create test/personal certificates and quickly SSL-enable a site for development or test purposes.
Kernel Mode SSL
- In IIS 7, kernel-mode SSL is going to be the default setting and the only setting.
- This gives a tremendous performance gain in terms of context switching.
Kernel Mode Windows Authentication
- On IIS 7, Windows Authentication is configured to run in kernel mode by default.
- When it is set, it takes care of the SPN setting for Kerberos.
- There are, however, exceptions to the rule.
DEMO: Kernel Mode Auth / Creating Self-Signed Certificates
Management API and APPCMD Tool
- The IIS management API allows complete manipulation of the XML configuration files and convenient access to server objects.
- The management classes reside in the Microsoft.Web.Administration namespace.

Example: Create a new website

    using System;
    using System.Collections.Generic;
    using System.Text;
    using Microsoft.Web.Administration;

    namespace MSWebAdmin_Application
    {
        class Program
        {
            static void Main(string[] args)
            {
                ServerManager serverManager = new ServerManager();
                // Name, physical path (every backslash escaped) and HTTP port.
                Site mySite = serverManager.Sites.Add("Racing Cars Site", "d:\\inetpub\\wwwroot\\racing", 8080);
                mySite.ServerAutoStart = true;
                // Nothing is written to the configuration until CommitChanges() is called.
                serverManager.CommitChanges();
            }
        }
    }
Management API and APPCMD Tool
AppCmd.exe is the single command-line tool for managing IIS 7. Some of the things you can do with AppCmd:
- Create and configure sites, apps, application pools, and virtual directories
- Start and stop sites, and recycle application pools
- List running worker processes, and examine currently executing requests
- Search, manipulate, export, and import IIS and ASP.NET configuration
DEMO: Management API and APPCMD
Running 32-bit and 64-bit Worker Processes Side by Side on the Same Server
- On 64-bit Windows, the worker process [w3wp.exe] runs either in 32-bit or in 64-bit mode, but not both at the same time.
- Good news: on IIS 7.x, we can run 32-bit and 64-bit worker processes at the same time.
- You can change the configuration manually, through the UI, or using appcmd.

Using appcmd:

    appcmd set apppool /apppool.name:MyAppPool32bit /enable32BitAppOnWin64:true
    appcmd set apppool /apppool.name:MyAppPool64bit /enable32BitAppOnWin64:false
IIS 7 Application Pool Identities
- Worker processes in IIS 6.0 run as NETWORKSERVICE by default. [It was a low-privilege account.]
- Why ApplicationPoolIdentity in IIS 7?
  - More and more Windows system services started to run as NETWORKSERVICE. This is a problem because services running as NETWORKSERVICE can tamper with other services that run under the same identity.
  - Because IIS worker processes run third-party code by default (Classic ASP, ASP.NET, PHP code), it was time to isolate IIS worker processes from other Windows system services and run them under unique identities.
- For every application pool you create, the IIS Admin Process (WAS) creates a virtual account with the name of the new application pool and runs the pool's worker processes under this account.
- The account is represented as "IIS AppPool\DefaultAppPool".
- However, the identity is not a real user account; it will not show up as a user in the Windows User Management Console.
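An added example, not from the original slides, combining the Microsoft.Web.Administration API shown earlier with the application pool identity described above: it gives a site its own pool and grants that pool's virtual account read/execute access to the site's content only. The pool name "RacingPool" is hypothetical, the site name and path are reused from the earlier example, and it assumes an elevated prompt and a Microsoft.Web.Administration version that defines ProcessModelIdentityType.ApplicationPoolIdentity.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Web.Administration;

class PoolIsolation
{
    // Hypothetical pool name; site name and path reused from the earlier example.
    const string PoolName = "RacingPool";
    const string SiteName = "Racing Cars Site";
    const string ContentPath = @"d:\inetpub\wwwroot\racing";

    static void Main()
    {
        using (ServerManager serverManager = new ServerManager())
        {
            // Dedicated pool that runs as the virtual account "IIS AppPool\RacingPool".
            ApplicationPool pool = serverManager.ApplicationPools[PoolName]
                                   ?? serverManager.ApplicationPools.Add(PoolName);
            pool.ProcessModel.IdentityType = ProcessModelIdentityType.ApplicationPoolIdentity;

            // Move the site's root application out of any shared pool.
            Site site = serverManager.Sites[SiteName];
            if (site == null)
                throw new InvalidOperationException("Site not found: " + SiteName);
            site.Applications["/"].ApplicationPoolName = PoolName;

            // The virtual account can only be resolved once the pool exists in configuration.
            serverManager.CommitChanges();
        }

        // Allow the pool identity to read and execute its own content, nothing more.
        NTAccount poolAccount = new NTAccount(@"IIS AppPool\" + PoolName);
        DirectorySecurity acl = Directory.GetAccessControl(ContentPath);
        acl.AddAccessRule(new FileSystemAccessRule(
            poolAccount,
            FileSystemRights.ReadAndExecute,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        Directory.SetAccessControl(ContentPath, acl);

        // Translating the name to a SID confirms Windows recognises the virtual account.
        SecurityIdentifier sid =
            (SecurityIdentifier)poolAccount.Translate(typeof(SecurityIdentifier));
        Console.WriteLine("{0} -> {1}", poolAccount.Value, sid.Value);
    }
}
```

If the ACL step throws IdentityNotMappedException, the pool configuration has not been picked up yet; retry after a short delay.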
Server Core
- Minimal installation option for Windows 2008
- Available for x86 and x64
- No user interface, only CMD
- Core subsystems: security, logon, networking (TCP/IP), file system, etc.
- Basic set of management tools: configure IP address, create users, notepad, taskmgr
- Fewer patches: 60% fewer than Windows 2000
- More secure, more reliable, and less management
IIS 7/7.5 Remote Management and Feature Delegation
Prerequisites for remote management:
- IIS 7.0 on Windows Server® 2008 or IIS 7.5 on Windows Server 2008 R2
- The default IIS 7 installation options do not include the Management Service (also referred to as the Web Management Service, WMSVC), which is required for remote administration
- Only a Windows administrator, not an IIS user, can connect remotely at the "Server" level
- You can connect to IIS 7/7.5 remotely from Windows XP SP2, Windows 2003 SP1 and Windows 7 after installing IIS Remote Manager
- To enable write permission for any feature, you have to configure permissions and file ACLs
  - For IIS Manager users (NT Service\WMSVC by default)
  - For each Windows user or group
DEMO: IIS 7 Remote Management and Feature Delegation
App Warm-Up Module
- Improving site performance
  - Individual pages run faster
  - Hide start-up cost for a cold application
- The Application Warm-Up Module in IIS 7.5 allows applications to start automatically, without a request
- This helps reduce the initial warm-up time for applications on the first request
DEMO: App Warm-Up Module
Troubleshooting Using FREB
- It helps to figure out exactly what is happening with your request and at what point it failed
- It can be used to measure the performance of a request
- It can help in figuring out module loading and execution order
DEMO: Enabling FREB Tracing
virtual techdays THANKS │ august 2010 │