1. Deploying and Managing a Customized Web Server on Server Core Fabio Yeon Software Developer Engineer Robert McMurray Program Manager

2. Agenda Introduction to Server Core IIS 7.0 on Server Core Installation and Setup Remote management options Modules overview Best practices Q & A

3. Server Core Introduction Server Core SKU takes Win2008 a step further GUI programs and tools are not installed or patched Reduces resource footprint for OS Minimizes attack surface Note: Managed code support is not available Great for dedicated or appliance type of scenarios Vertical applications Specialized, easily deployed turnkey solutions

4. Server Core Running IIS 7.0 IIS 7.0 on Server Core Most IIS 7.0 features available Componentized and flexible setup Install only what you really need No.NET Extensibility or ASP.NET Ultimate low footprint web server Lower memory requirement Lean OS configuration Minimize attack surface

5. Server Core Web Server Scenarios Static file web hosting (images, Office documents, etc.) FastCGI with PHP, Perl, etc. Classic ASP applications CGI/ISAPI applications Web-based appliance management

6. Server Core Managing IIS 7.0 Managing Server Core Full fidelity with non-GUI based IIS 7.0 configuration management Command line Scripting Remote PowerShell Editing ApplicationHost.config and Web.config files No GUI shell or manage-code management Installing IIS 7.0 features: OCList Provides full list of features and dependencies OCSetup Installs component (plus dependencies)

7. Demo Building a static web server Fabio Yeon Software Developer IIS 7.0

8. Creating Specialized Web Servers Componentization for Deployments IIS 7.0’s componentized architecture allows for complete customization of the Web server Lightweight, static image server to full-featured Web server Rich administration and remoting story to allow for appliance-like simplicity in management Replace modules with customized implementations (example: authorization provider)

9. Creating Specialized Web Servers Componentization for Security Provides maximum attack surface reduction Binaries are only installed when features are added Patches for IIS features that are not installed are only installed to the installation repository

10. IIS 7.0 Modules & Features Common HTTP Web Server Components DirectoryListingModule CustomErrorModule StaticFileModuleDefaultDocumentModule HttpRedirect Security BasicAuthModule DigestAuthModule WindowsAuthModule CertificateAuthModule AnonymousAuthModule IPSecurityModule UrlAuthorizationModule RequestFilteringModule Health and Diagnostics HttpLoggingModule CustomLoggingModule RequestMonitorModule HTTPTracingModule ODBCLogging LoggingLibraries Performance HTTPStaticCompression HTTPDynamicCompression Management ManagementConsole ManagementService ManagementScripting Metabase WMICompatibility LegacyScripts LegacySnap-in FTP Publishing FTPServer FTPManagement Windows Process Activation Service ConfigurationAPI ProcessModelNetFxEnvironment Application Development ISAPIModule ISAPIFilterModule CGIModule ServerSideIncludeModule NetFxExtensibility ASP ASP.NET FastCGIModule Server Core Components Server Components

11. Demo Building an application server Fabio Yeon Software Developer IIS 7.0

12. Server Core Remote Management Setting up management: SCRegEdit.wsf Netsh / Netdom Managing server core remotely: Remote Desktop MMC WinRM and WinRS Most useful for running arbitrary command remotely Lose strong-type and error handling abilities of other options Installing IIS remotely OCList and OCSetup can run remotely through WinRM/WinRS

13. Server Core IIS 7.0 Remote Scripting Microsoft.Web.Administration (MWA) Managed code can be run at master management machine, underlying COM objects are connected via DCOM WMI All objects can be remotely accessed Microsoft.ApplicationHost.AdminManager (ahadmin) JScript/VBScript using DCOM PowerShell (using WMI/MWA) Not yet directly remotable, but can use WMI and MWA from it WinRM / WinRS Use with OCList, OCSetup, AppCmd, etc.

14. Demo Managing IIS 7.0 remotely Fabio Yeon Software Developer IIS 7.0

15. IIS 7.0 Modules for Server Core Deployment Considerations Application Development Classic ASP CGI/FastCGI (i.e. PHP) Native-code modules Performance Static and Dynamic Compression Output Caching Security Authentication and Url Authorization Request Filtering Diagnostics Failed Request Tracing Request Monitoring

16. Best Practices Configuring Remote Management Firewall rules need to be set up for Remote Desktop, WinRM/WinRS, MMC (Remote Administration), etc. IIS-Specific Considerations Minimize attack surface (hackers can’t exploit what’s not there) Use OCSetup to remove modules to ensure the binaries are taken off the box Use security-sensitive modules: Request filtering, Url authorization Utilize features like Failed Request Tracing to diagnose issues Check that you have all the required modules for your application (Always test your application after removing modules)

17. Session Summary During this presentation we discussed the following IIS 7.0 topics on Windows Server 2008 Core: Installation and Setup of IIS 7.0 Remote Management Options for IIS 7.0 IIS 7.0 Modular Design and Minimal Deployment Best Practices for IIS 7.0 on Server Core

18. IIS.NET Home for the IIS Community! In-depth technical articles and samples Connect with other IIS experts on blogs & forums Free advice and assistance in forums Download center with IIS solutions

19. Related Content The following walkthroughs for IIS 7.0 are available on the www.iis.net web site: Installing IIS 7.0 from a command-line Build a Custom IIS7 Server IIS7 on Server Core Getting Started with AppCmd.exe Administering IIS7 on Server Core Installations of Windows Server 2008

20. IIS 7.0 at ITForum: Session Schedule Tuesday Friday 09:00 - 10:15 Tent 1 13:30 - 14:45 Room 115 15:15 - 16:30 Room 134 IIS 7.0 for IT Pros (WSI204) Managing Web Farms on IIS (WSI302) Securing Internet Information Services 7 (WSI03-IS) Wednesday Remotely Managing for IIS 7.0 (WSI309) 10:45 - 12:00 Room 121 13:30 - 14:45 Room 115 Publishing Content to IIS 7.0 (WSI308) Troubleshooting Web Sites on IIS 7.0 (WSI02-IS) 09:00 - 10:15 Room 131 10:45 - 12:00 Room 125 15:45 - 17:00 Room 115 Thursday Running PHP on Windows Server 2008 (WSI307) Customized Web Server on Server Core (WSI311) Managing IIS 7.0 Through Scripting (WSI310) 09:00 - 10:15 Room 115 10:45 - 12:00 Room 134 12:15 - 13:00 Room 116 13:30 - 14:45 Room 133 Securing Internet Information Services 7 (WSI03-IS) Deliver Rich Media on Windows Server 2008 (WSI01-PD) Q&A with the IIS Product Team (WSI04-IS) Location

21. Q&A Fabio Yeon Software Developer Engineer Robert McMurray Program Manager

22. Resources TechNet Library Knowledge Base Forums TechNet Magazine Security bulletins User Groups Newsgroups E-learning Product Evaluations Videos Webcasts V-labs Blogs MVPs Certification Chats Visit TechNet in the ATE Pavilion and get a FREE 60-day subscription to TechNet Plus! learn support connect subscribe Technical Communities, Webcasts, Blogs, Chats & User Groups http://www.microsoft.com/communities/default.mspx http://www.microsoft.com/communities/default.mspx Microsoft Learning and Certification http://www.microsoft.com/learning/default.mspx http://www.microsoft.com/learning/default.mspx Microsoft Developer Network (MSDN) & TechNet http://microsoft.com/msdn http://microsoft.com/technet http://microsoft.com/msdn http://microsoft.com/technet Trial Software and Virtual Labs http://www.microsoft.com/technet/downloads/trials/default. mspx http://www.microsoft.com/technet/downloads/trials/default. mspx New, as a pilot for 2007, the Breakout sessions will be available post event, in the TechEd Video Library, via the My Event page of the website

23. Complete your evaluation on the My Event pages of the website at the CommNet or the Feedback Terminals to win!

24. © 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.