Kochhar LexServe Pvt. Ltd.

Presentation transcript:

Kochhar LexServe Pvt. Ltd.
Brought to you: A considerate solution of IIS for trouble handling with Applications and Websites
By Manish Kumar, Web Server Administrator, Kochhar LexServe Pvt. Ltd.
TechEd 2002

Agenda
- IIS 6.0 – an overview
  - Reliability – a new process model
  - Security
  - Performance and scalability
  - Improving manageability
- Considerations
- Resources
- Q&A

Reliability: A New Architecture for IIS 6.0
- GOAL: permit complete application isolation from other Web applications and the core Web server
- Web Service functionality in INETINFO split out to do this:
  - HTTP.sys: kernel mode listener and request router
  - W3SVC: now the configuration and process manager
  - W3Core: where Web applications are processed
    - Multiple W3Core DLLs loaded into W3WP.exe files
- Two process model modes
  - [Default] worker process isolation mode
  - IIS 5.0 isolation mode
[Diagram labels: W3SVC, W3Core, Web app, HTTP.SYS, kernel]

Reliability: A Reminder – Process Model for IIS 5.0
[Diagram labels: INETINFO.exe, metabase, W3SVC, ftp/smtp/nntp, In-proc Apps, ISAPI Filters, DLLHOST.exe, Pooled OOP Apps, Isolated OOP App, ASPNET_WP.exe, ASP.NET, .Net App Domain, User mode, Kernel mode, Winsock]

Reliability: IIS 6.0 Worker Process Isolation Mode
[Diagram labels: Application Pool, W3WP.exe, W3Core, ASP.net Apps, All Apps (no OOP), .Net App Domain, ISAPI Filters, INETINFO.exe, metabase, ftp/smtp/nntp, SVCHOST.exe, W3SVC, W3 Config Mgr, W3 Process Mgr, User mode, Kernel mode, HTTP.SYS]

Reliability: Application Pools
- Can create one or more application pools
  - Each served by one or more W3WP.exe files
  - Each W3WP.exe serves only one pool
  - Requests routed directly to pool by HTTP.sys
- Isolate applications based on:
  - Site/Customer
  - Functionality
  - Reliability

Reliability: Periodic Process Recycling
- What is it?
  - Periodically restart applications based on:
    - [Default] uptime
    - Number of requests
    - Scheduled time
    - Memory consumption
    - On-demand
- Why use it?
  - Refresh applications to ensure availability
  - Prevent bad applications from taking over the system
- Effect on applications
  - In-process state or cache lost on recycle
  - Possible multi-instance issues

Reliability: Self-Healing Architecture
- Health check (pinging) - What is it?
  - Designed to detect W3WP.exe thread deadlock
  - Will engage if there are no threads in W3WP.exe available to respond in time
- How does it work?
  - W3SVC will “ping” each W3WP.exe
  - Process has a configured time limit to respond
  - If (no response in time limit)
    - Default: kill process, publish event, and start new process
    - Or: can be configured to take a configured action on process => “Orphaning”
- ASP and ASP.NET use the ping to request a recycle if they are unhealthy

Reliability: Crash Detection and Recovery
- W3SVC detects W3WP.exe “crash”
  - W3SVC will start new W3WP.exe if there is demand
  - Requests queued in HTTP.sys while new W3WP started
  - Net effect: no interruption in service
- Rapid fail protection
  - Only allow x crashes in y minutes
  - Automatically stop pool if this value is exceeded – 503s to requests for this pool

Reliability: Application Considerations
- Design applications to be recycled
  - Persist state/caches external to host process
  - For ASP.NET, use External session state service or Microsoft® SQL Server™ to store state
- Be aware of multi-instance issues
  - May be encountered during:
    - Recycles – overlap by default, but can disable overlap recycle or recycling altogether
    - Two application pools loading the same application code
  - If unable to change code, assign all URLs to the same pool
- “IIS 5-isms” – dependencies on IIS 5.0 behaviors
  - Running as LocalSystem
  - Global data filters
  - If the above cannot be worked around, run IIS 6.0 in IIS 5.0 isolation mode
    - Loads W3Core into INETINFO, same IIS 5.0 OOP

Security on IIS 6.0: Secure on Installation
- Clean installation
  - IIS not installed on a clean install by default
  - Use Configure Your Server Wizard to install application server role – installs:
    - IIS 6.0
    - FPSE (not enabled)
    - ASP.NET (not enabled)
- Upgrade installation
  - W3SVC disabled unless URLScan is installed before upgrade

Security on IIS 6.0: Attack Surface Reduced
- Restriction list
  - Only execute requests for “allowed” extensions and CGIs
  - No extensions or CGIs allowed by default
  - 404.2 returned if request for “prohibited” extension or CGI
  - Use Web Service Extensions node in MMC to “allow” and “prohibit” extensions and CGIs
- Known file extensions
  - Only serve requests that are defined in MIMEMAP
  - 404.3 for requests not in MIMEMAP
- Considerations
  - If using Visual Studio® .NET – define .tmp files in MIMEMAP
  - Visual Studio .NET to fix this in SP1

Security in IIS 6.0: Configurable Worker Process Identity
- Worker process can be started as:
  - Network service (default)
  - Local system
  - Local service
  - Configured ID
- IIS_WPG
  - New user group
  - IIS resources put into an ACL in this group
  - Will get 503s if configurable account is not part of IIS_WPG
- Considerations
  - Passport Active Directory® mapping requires local system
  - Kerberos might require additional configuration for this ID

Security in IIS 6.0: Secure Changes from IIS 5.0
- Sub authentication is not installed by default on clean installations
  - Effect = passwords might expire for IWAM and IUSR accounts
  - Solution = must install SubAuth or come up with own synchronization scheme
- URLs restricted to maximum length of 16 KB with more restrictive parsing
  - No special chars, etc.
- Content in Inetpub is now overwrite protected
- Command-line tools limited to the administrators group only

Security in IIS 6.0: Recommendations
- Do a clean installation vs. upgrade – more secure by default
  - No lockdown tool yet for IIS 6.0 to handle upgrade case
- Run application pool W3WP.exe files as Network Service (default)
- Only “allow” extensions that are vital to all applications
  - Prohibit everything else to reduce attack surface
- Check IIS hit logs and HTTPERR log
  - IIS hit logs – substatus codes logged for W3C and binary-formatted files
  - HTTPERR – detail on reason for 503s and connection terminations
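An added example, not part of the original presentation, of the hit-log check recommended above: it tallies 404.2 and 404.3 responses from a W3C-format IIS log by extension and by client. The log lines are constructed, and the field list assumes sc-substatus logging is enabled for the site.

```python
from collections import Counter
import posixpath

# Constructed sample in IIS W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2003-05-02 10:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus
2003-05-02 10:00:01 192.0.2.10 GET /default.htm 200 0
2003-05-02 10:00:02 192.0.2.44 GET /scripts/test.idq 404 2
2003-05-02 10:00:03 192.0.2.44 GET /cgi-bin/probe.exe 404 2
2003-05-02 10:00:04 192.0.2.10 GET /build/output.tmp 404 3
2003-05-02 10:00:05 192.0.2.44 GET /missing.htm 404 0
2003-05-02 10:00:06 192.0.2.44 POST /app/page.aspx 404 2
"""

# Substatus meanings as given on the slides.
LOCKDOWN_SUBSTATUS = {
    ("404", "2"): "prohibited extension or CGI (Web Service Extensions)",
    ("404", "3"): "extension not defined in MIMEMAP",
}

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def lockdown_hits(text):
    """Count 404.2 / 404.3 responses per (code, extension) and per client IP."""
    by_ext, by_client = Counter(), Counter()
    for row in parse_w3c(text):
        key = (row.get("sc-status"), row.get("sc-substatus"))
        if key in LOCKDOWN_SUBSTATUS:
            ext = posixpath.splitext(row["cs-uri-stem"])[1].lower() or "(none)"
            by_ext[(".".join(key), ext)] += 1
            by_client[row["c-ip"]] += 1
    return by_ext, by_client

if __name__ == "__main__":
    by_ext, by_client = lockdown_hits(SAMPLE_LOG)
    for (code, ext), n in sorted(by_ext.items()):
        print(f"{code}  {ext:8} {n}  {LOCKDOWN_SUBSTATUS[tuple(code.split('.'))]}")
    for ip, n in by_client.most_common():
        print(f"{ip}  {n} blocked requests")
```

A cluster of 404.2 hits for one extension from many clients usually means an application needs that extension allowed; many different extensions from one client looks more like probing.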

Performance in IIS 6.0: Caching Responses in HTTP.SYS
- Cached dynamic content served straight from HTTP.SYS
  - Could run double speed when served from kernel – no user-mode transition
  - Your applications will not see requests if served from cache
- Static files cached by default
  - Smart caching - only “hot” static content cached
- Invalidation
  - API callback
  - Also leverage “Expires” header to automatically set “staleness” timeout for cached responses
- Considerations
  - Use for dynamic responses if they can be “stale” for a period of time
  - Lessens load on Web server if response from cache can be served
  - ASP.NET => use OutputCache Location=“Server” directive to mark response as cacheable

Performance in IIS 6.0: Capacity Planning Tracing
- Hooks at key positions during request lifetime, from start of request to final send of response:
  - HTTP Start, Route, Cache Hit, End
  - ISAPI Filter Start/Stop (filter name, notification)
  - ISAPI Extension Start/Stop
  - ASP Start/Stop
  - ASP.net Start/Stop
- Useful in debugging as well – Where is my request blocked?
- Customer example
  - Uses this to find high CPU-usage pages
  - Also used to diagnose where the delay is

Performance in IIS 6.0: Web Gardens and Processor Affinity
- Application Pool Web Gardens
  - Application pool with more than one worker process
  - Connection-based routing within Garden
- Processor affinitization
  - Bind application pool processes to one or more CPUs
  - Mask-based configuration
- Considerations
  - Possible multi-instance issues
  - Recycling – possible all-at-once
  - Affinitization
    - Create virtual silos of work on large MP boxes
    - Affinitize based on MP architecture (bind to CPUs on same pod)
[Diagram labels: W3WP.exe, W3Core, All Apps (no OOP), ISAPI Filters, SVCHOST.exe, W3SVC, W3 Config Mgr, W3 Process Mgr, HTTP.SYS, kernel]

Performance in IIS 6.0: Idle Timeout and Demand Start
- Time out and shut down idle processes if process is idle for given period of time
  - Frees resources for active applications
  - Applications still available even if worker process idles out and is shut down!
- Demand start
  - Only start worker process if there is demand for the application pool
- Considerations
  - Use idle timeout to free resources for other heavy-use applications
  - Consider disabling idle timeout if application startup takes a long time
  - Note: will cause idle processes to terminate
    - Loss of in-memory cache

Manageability in IIS 6.0: Metabase Improvements
- XML Metabase
  - Metabase now stored in XML
  - Auto-versioning: like an automatic backup
- Edit while running
  - Make changes directly to the Metabase.xml file while IIS is running
  - Any editor can be used – Notepad .NET, PERL, etc.
- Considerations
  - Safer and more secure to use ADSI or UI to make changes to metabase
  - Note: Metabase.bin still exists, but only as a stub file for legacy backup applications
[Diagram labels: ADSI, UI, Admin Base Objects, Metabase.xml, MBSchema.xml]

Manageability in IIS 6.0: Metabase Improvements – Import/Export
- Export/import metabase configuration to/from XML
  - Options include:
    - Export/Import inherited properties
    - Export/Import node only (or entire subtree)
    - Password-encrypted exported file
- Use with ASP.NET XCOPY deployment of applications
  - Export IIS 6.0 metabase configuration for .NET application
  - Store in .NET application directory
  - Import application metabase configuration file after XCOPY
[Diagram labels: Admin Base Objects, ADSI, UI, Metabase.xml, MBSchema.xml]

Manageability in IIS 6.0: WMI Provider and New Command Line Tools
- Query support
- Associations
- Scriptable
- New command-line tools
  - Task-based approach
  - Supported tools – currently in %windir%\system32
  - Based on WMI Provider
  - Example: use IISCNFG.vbs as part of .NET application migration strategy between two IIS 6.0 boxes
[Diagram labels: Command Line Tools, ADSI, WMI, UI, Admin Base Objects, Metabase.xml, MBSchema.xml]

Summary
IIS 6.0 was made better by making Web applications more:
- Secure
- Reliable
- Scalable
- Manageable

Resources
- IIS 6.0 Overview on TechNet:
- IIS 6.0 Technical Overview: http://www.microsoft.com/windows.netserver/evaluation/overview/technologies/iis.mspx
- IIS 6.0 Technical Overview: http://www.microsoft.com/windows.netserver/docs/IISOverview.doc

Kochhar LexServe Pvt. Ltd.
Thank you for joining.
For any doubts or queries about IIS 6.0 in future, please visit: http://manishmishramcp.wordpress.com/iis
Your feedback is sincerely appreciated. Please send any comments or suggestions to the given address: Manish.kumar@klexserve.com