Improved Security Modular design results allow: Reduced installation footprint Customized, streamlined servers Application Pools are Sandboxed by default Easier to manage Redesigned IIS Manger Easier to use while allowing more control Remote administration over https Delegate authority to configure to non-admins Your choice of powerful management tools Increase uptime with Prescriptive error messages Built in failed request tracing Improved web farm support with shared configuration
Proven Scale MySpace - 23 Billion Page* Views/Month Microsoft.com - 10k Req/sec & 300K Connections Match.com 30 million page view daily Proven Security No critical IIS 6 hotfixes since RTM as of 4/4/07 Proven Trust 54% of Fortune 1000 use IIS (port80software.com) A solid foundation to build on.
Customer Feedback Revealed… Site density on shared servers is too low Metabase corruption and replication issues Too few options for site owner administration Site/server failures too difficult to troubleshoot Not enough flexibility for customization Current support for PHP apps is inadequate
Send Response LogCompress NTLMBasic Determine Handler CGI Static File Authentication Anon Monolithic implementation Install all or nothing… Extend server functionality only through ISAPI… ASP.NET PHP ISAPI … …
Send Response LogCompress NTLMBasic Determine Handler CGI Static File ISAPI Authentication Anon SendResponse Authentication Authorization ResolveCache ExecuteHandler UpdateCache … … Server functionality is split into ~ 40 modules... Modules plug into a generic request pipeline… Modules extend server functionality through a public module API. … …
IIS 6IIS 7Benefits ArchitectureMonolithicModularCustomize, Extend, Streamline SetupMost Features installed (many disabled) Minimal installation for designated role Increased Security Extend Features ISAPI filters and ISAPI extensions Add modules and handlers in native or managed code Easier to develop application and administration features Customize UIPossible, but not common. Extensible, modular, based on.NET Much easier for developers to provide new admin features
IIS7 Default Installation in Longhorn
Completely redesigned IIS Manager Task-oriented Context sensitive ‘Actions’ pane Tabs are replaced with Icons Allows IIS & and ASP.NET configuration Icons instead of tabs Provides Managed extensibility Add new management and IIS features Application configuration can integrate into UI View health and diagnostics within the UI Built in remote administration over https Manage 1 or 1000’s of sites
Use IIS Manager from Longhorn, Vista, Windows Server 2003 & XP No administration website required! Secure, firewall-friendly connection over HTTP/SSL Authenticates both Windows and non- Windows credentials Fully customizable Supports auto-deployment of new Administration features from server->client Can hide features remote user cannot edit
Application Pool architecture based on IIS 6 Familiar settings for recycling, health monitoring, and process identity are the same Two pool types in IIS 7 Integrated Allows use of managed code to provide pipeline services for all requests Example:.NET Forms authentication for Perl Integrated is the default for new pools Classic Works same as IIS 6 Ensures.NET compatibility
ISAPI-based Implementation Only sees ASP.NET requests Feature duplication Send Response LogCompress NTLMBasic Determine Handler CGI Static File ISAPI Authentication Anon … … Authentication Forms Windows Map Handler ASPX Trace … … …aspnet_isapi.dll
Two App Pool Modes Classic (IIS 6) Integrated Mode. NET modules / handlers plug directly into pipeline Process all requests Full runtime fidelity Log Compress Basic Static File ISAPI Anon SendResponse Authentication Authorization ResolveCache ExecuteHandler UpdateCache … … Authentication Forms Windows Map Handler ASPX Trace … … … aspnet_isapi.dll
Moved from Metabase.xml (and.bin) to Applicationhost.config File based configuration improves manageability Config can be copied to other servers Easier to read Facilitates backup, restore and editing You now have choices about how to manage IIS configuration 1. Centralized Configuration 2. Delegated Administration 3. Shared Configuration
NET global settings ASP.net global settings Global settings and location tags Contoso.com \ Orders.NET Framework Global web.config Machine.config IIS 7 Applicationhost.config Site Root Web.config.NET settings.. IIS7 Delegated settings.. Contso.com root
Delegated Control to Site Owners Site Owners control designated settings without elevated server privileges Delegated settings written to Web.config files Site and/or application level Shared with ASP.net configuration XCopy deploy configuration and content Granular control over delegated settings allows precise locking Example: Always require Windows Authentication, but let site owner control Basic.
All web servers can share a single application host.config Eliminates configuration replication in a web farm All administration tools are redirected to a common UNC path Does not replicate content First appearance in Longhorn Beta 3
New sites are assigned to a unique pool Unique SID is associated with pool At runtime, a temporary “applicationpool.config” file is created Contains only settings for the pool Unique SID is allowed access No other pool can read the configuration Process ID is still Network Service
View Detailed Errors in the Browser New errors provide prescriptive guidance Access Runtime State Info in Real-Time New APIs expose all runtime diagnostic information Ex. See all currently executing requests Rapidly Troubleshoot Faulty Applications Define ‘failures’ triggers by error code or time taken Configurable per application or URL Resulting Failed Request log is chronicle of events for the “failed” request Quickly identify bottlenecks Developers can add custom events
APPCMD General purpose command line tool Query and control state, change settings, add sites and vdirs Managed Code API Microsoft.Web.Administration WMI Improved namespace for IIS7 ADSI compatibility Powershell use with Managed API and WMI
C:\> appcmd list sites SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started) SITE "Site1" (id:2,bindings:http/*:81:,state:Started) SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped) C :\> appcmd list requests REQUEST "fb e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost) C:\> appcmd list requests /apppool.name:DefaultAppPool C:\> appcmd list requests /wp.name:3567 C:\> appcmd list requests /site.id:1 Filter results by application pool, worker process, or site
Go Live License available to public Download Centre – Download IIS 7 Extensions such as new FTP server TechCenter to easily find the info you need Advice and assistance in Forums Walkthroughs, examples, and code samples Online labs – test IIS7 in your browser!
Web Server and Service Program Invitations to Deep Dives Training Events in Redmond Virtual Labs Based Support Access to Builds of Longhorn Server Case Study opportunities For more information contact:
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Deprecated NNTP IIS 5 Worker Process Isolation Mode FPSE (compatible alternative on IIS.net) Metabase.bin/Metabase.xml IUSR_ IWAM_ and IIS_WPG POP3 No administration website
Handler and module configuration settings have moved: system.web/httpHandlers → system.webServer\handlers system.web/httpModules → system.webServer\modules Watch for module conflicts in request processing Setting the “managedHandler” precondition for a module means “execute only for ASP.NET requests”