Download presentation
Presentation is loading. Please wait.
1
Lap Around IIS7 Bill Staples Product Unit Manager, IIS COM014 – A Lap Around IIS7 Microsoft Corporation xxx Roller Coaster Ride
2
s e v e n supportable i n t e r n e t i n f o r m at i o n s e r v i c e s integrated extensible componentized compatible secure delegated
3
IIS – a colorful past 1996 - V1 & 2 ships for Windows NT 3.5 & 4.0 1997 – V4 part of NT 4 Option Pack 2000 – V5 installed by default in Windows 2000 2001 March 2001, #1 in Internet Site Share Fall 2001, Code Red and Nimda 2003 – V6 released in Windows Server 2003
4
IIS 6 Today Secure by Design Extensive design & code reviews Penetration testing Defense in depth Secure by Default IIS no longer installed by default with OS IIS installs with “locked down” configuration Runs with minimal permissions, secure configuration Process architecture designed for app failure Health detection Automatic recycling of applications Zero critical security patches since release
5
IIS 7 Overview Configuration & Admin Tool Core Server DiagnosticsCompatibilitySecurity Demos
6
The Metabase Is Dead! (global web configuration is now stored in applicationHost.config) Centralized, admin-only configuration store COM-only interface Poorly schematized XML format Built using 1996 era standards
7
IIS 7 Configuration Enables You To... Store IIS and ASP.NET settings in web.config XCopy web settings along with content Share web settings across multiple servers Extend configuration with your own schema … in a clean, well-schematized format
8
The IIS Snap-in (inetmgr) Is Dead! (the new administration tool is named webmgr) Administrator only console Poorly factored UI (go where for security?) Difficult to use (one page has that many tabs?) DCOM remoting
9
IIS 7 Admin Tool Enables You To... Manage IIS and ASP.NET in one place Manage individual sites and apps w/o machine admin privileges View health, diagnostics, users, more… Extend with your own Admin UI
10
Delegated configure and deploy w/o admin privileges
11
For More Information… COM431: IIS 7 Extensibility (Part 2): Building Configuration and UI Modules Friday 1pm, Room 404AB
12
The Core Server & ISAPI Is Dead! (IIS7 is now completely modular, built on public APIs) All core IIS features implemented in w3core.dll ISAPI difficult to master, not very flexible ISAPI unused by IIS team Built using 1996 era standards
13
IIS 7 Core Server Enables You To... Build new IIS modules on full-fidelity APIs Use native (C/C++) or Managed (C#, VB.NET) code Use existing ASP.NET modules / handlers Customize IIS footprint – per site or app
14
IIS7 Core Web Server Modules Http Protocol Support ValidationRangeModuleTraceVerbModule OptionsVerbModuleClientRedirectionModule Logging and Diagnostics HttpLoggingModule CustomLoggingModule Configuration and Metadata Caches ConfigurationModuleUriCacheModule SiteCacheModuleFileCacheModule Core Web Server DirectoryListingModuleCustomErrorModule DynamicCompressionModuleStaticCompressionModule StaticFileModuleDefaultDocumentModule HttpCacheModule RequestMonitorModule TracingModule AuthN/AuthZ BasicAuthModule DigestAuthModule WindowsAuthModule CertificateAuthModule AnonymousAuthModule FormsAuthModule AccessCheckModule UrlAuthorizationModule Extensibility ISAPIModule ISAPIFilterModule CGIModule ServerSideIncludeModule ManagedEngineModule Publishing DavModule
15
Componentized powerful, flexible building blocks for minimal footprint
16
For More Information… COM303 IIS7: Building More Powerful ASP.NET Applications with IIS7 Wednesday 1:45pm, Room 152/153 COM406 IIS7 Extensibility (Part 1): Building New Core Server Modules Wednesday 11:00am, Room 406AB
17
IIS 7 Diagnostics Enables You To... View real-time server state information Control state of Sites, Apps, AppPools, AppDomains Log detailed trace events across web platform stack Automatically log event traces on error conditions Extend trace logging with your own events
18
Supportable easy to diagnose and fix problems
19
For More Information… COM320 IIS7 Instrumenting, Diagnosing, and Debugging Web Applications Wednesday 11:30am, Room 515AB
20
IIS 7 Compatibility Means… Existing ISAPI filters and extensions just work Classic ASP applications just work ASP.NET v1.1 and v2.0 applications just work ADSI and WMI scripts just work against new IIS config
21
Compatible existing applications just work
22
IIS 7 Security Enables You To... Reduce attack surface through componentization Configure / manage sites and apps w/o admin privileges Easily secure web sites using unified authn/authz model Filter requests using built-in module
23
IIS 7 Summary Distributed and delegated configuration Tremendous extensibility, flexibility and customization Rich diagnostics and troubleshooting support Committed to compatibility Continues to build on rock solid IIS 6.0 security
24
IIS7
25
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.