1. IIS6 Web Services

2. Overview Application Platform Features Reliability Features Manageability Features Performance and Scalability Features Security Features

3. Application Platform Features Web Applications The Application Server Role Installing and Configuring the Application Server Role Configuring and Managing Your Server Adding and Removing Components

4. Web Applications A Web Application is a collection of content accessed through hypertext protocols Static content Web site CGI scripts ASP pages ActiveX ® /COM components ASP.NET pages.NET Web Services Components of multi-tier applications

5. The Application Server Role Combines specific interdependent functionality termed Web Application Server: Microsoft Internet Information Services (IIS) 6.0 Active Server Pages (ASP) ASP.NET Component Object Model (COM+) Microsoft Data Engine (MSDE) Microsoft Message Queuing (MSMQ)

6. The Application Server Role The Application Server Role, which includes IIS 6.0 and other components, is not installed by default in Windows Server 2003 Two Interfaces Configure Your Server/Manage Your Server Wizards Add/Remove Programs, Add/Remove Windows Components

7. Configure Your Server and Manage Your Server Web Application Server role can be added through Configure Your Server or Manage Your Server Base components are automatically selected Additional components are installed based on choices made in wizard After the role is added, it can be managed through Manage Your Server

8. Configure Your Server/Manage Your Server Easy Web server setup Configures only services required for application

9. Add/Remove Components Allows for more granular component selection (and risk of incorrect component selection)

10. Reliability Features Fault-tolerant Architecture HTTP stack (HTTP.sys) Application Pools WWW Service Worker Processes (W3WP.exe) IIS 5.0 Isolation Mode Health Monitoring Process Recycling Crash Detection and Rapid Fail Protection

11. Fault-tolerant Architecture: Issues Web sites and applications may contain flawed code Web server needs to be active manager of applications: Be fault tolerant (not crash on application failure) Monitor the health of Web sites and applications Actively recycle/restart processes Continue to queue requests Reliability without sacrificing performance IIS 5.0 All requests run through single process (Inetinfo.exe), Out-of-process applications (dllhost.exe) were slow Application failures could crash server, other applications

12. Fault-tolerant Architecture: Solution IIS 6.0 fault-tolerant process isolation architecture Isolates applications from each other and Web server Core components HTTP.sys: Kernel mode component for HTTP listening, routing, queuing, and caching Application pools: Groups sites and applications for easy management of process isolation WWW Service: Configuration and server management, process health monitoring Worker processes (W3WP.exe): Isolate Web site and application processing

13. IIS 6.0 Fault-tolerant Architecture HTTP.sys WWW Service Kernel User W3WP.exe Web application Request Response W3WP.exe Web application Application Pool

14. HTTP Stack (HTTP.sys) HTTP stack with queuing and caching functions Runs in kernel mode Supports IPv4 and IPv6 Does not load or run any Web site or application code Cannot be affected by applications errors and failures Routes requests to IIS application pools based on URL mapping Text-based and binary logging

15. HTTP Stack (HTTP.sys): Kernel- Mode Queuing HTTP.sys queues incoming HTTP requests Each queue supports a set of sites/application Queue size can be set by administrator If an application fails: HTTP.sys continues to accept and queue requests until the application is restarted or the server is shut down Once the application restarts, the queue is processed until it is empty Buffers client application from application errors Increases site and application availability

16. Application Pools Defines a set of Web applications managed together Separated by process boundaries Served by one or more worker processes Requests routed directly to pool by HTTP.sys Not affected by sites and applications in other pools Application cannot be routed to another pool while being serviced by the current pool Applications can be assigned to different pools running while server is

17. Application Pools: Configuration Easy to create and manage Can configure up to 20,000 application pools per server

18. WWW Service Roles Configures HTTP.sys Manages worker processes Application code runs in separate worker processes No application code runs in WWW Service Requests do not route through WWW Service Ensures Web server reliability Application errors cannot crash Web server

19. WWW Service: Configuration At IIS 6.0 startup Reads metabase and initializes HTTP.sys routing table Creates one entry for each URL to app pool mapping Determines routing from request to worker process As application pools and applications are added Configures HTTP.sys to accept new URL requests Sets up the request queues for new application pools Indicates where the new URLs should be routed

20. WWW Service: Process Management During IIS 6.0 operation WWW Service monitors processes Determines when to start a worker process … when to start additional worker processes … when a worker process has failed or blocked … when to recycle or restart a worker process Requests continue to be queued and updated while an application is being recycled Process recycling is invisible to client application

21. Worker Processes Responsible for handling Web requests for a set of sites and applications Each application pool is served by one or more worker process Each worker process is self–contained Receives requests directly from HTTP.sys Contains Web request processing functionality Loads ISAPIs: filters and extensions (ASP, ASP.NET, Microsoft FrontPage ® Server Extensions) Delivers complete isolation from system components and other Web applications

22. Worker Processes: Configuration Worker process can be started as: Network Service (default) Local System Local Service Configured ID

23. IIS 6.0 Fault-tolerant Architecture WWW Servic e Config Mgr Process Mgr HTTP.sys Web Garden W3WP.exe ISAPI Extensions (ASP, etc.) ISAPI Extensions (ASP, etc.) ISAPI Filters Application Pool 2 W3WP.exe ASP.NET ISAPI CLR Application Domain W3WP.exe ASP.NET ISAPI CLR Application Domain INETINFO metabase Application Pool 1 W3WP.exe ISAPI Extensions (ASP, etc.) ISAPI Extensions (ASP, etc.) ISAPI Filters

24. Fault-tolerant Architecture: Benefits Dramatically increased reliability No server reboots Self healing on application failure Increased scalability Simplified server administration

25. IIS 5.0 Isolation Mode Some applications may not work in IIS 6.0 worker process isolation environment Multiple-instance Session state persisted in-process Applications written as read raw data filters IIS 6.0 can switch to IIS 5.0 isolation mode Everything in user mode operates as in IIS 5.0 IIS 5.0 methods of application isolation (low, medium [pooled], high) Inetinfo.exe still master process HTTP.sys performance benefits  Kernel-mode request queuing  Kernel-mode caching

26. Process Health Monitoring Detects and recovers from thread deadlock How does it work? Configurable time limit WWW Service pings each worker process If (no response in time limit)  Default  Kill process  Publish event  Start new process  Or  Take a configured action => “Orphaning” Other application pools keep running HTTP.sys WWW Service W3WP.exe Kernel User Web application

27. Process Health Monitoring: Debug Action Allows for custom action to be executed when process fails to respond, for example: Send e-mail to administrator Attach debugger Process dump Process left running Though WWW Service dropped its process handle

28. Crash Detection and Rapid Fail Protection WWW Service detects process crash On failure Publish event to event log Check “crash count” If (Crash count > Max Crashes in time limit) Disable application pool Else start new process if demand Rapid Fail Protection Only allow x crashes in y minutes Return 503 errors when invoked

29. Manageability Features Configuration Metabase XML Metabase Advantages Change Configuration While Running Metabase Save Options Metabase Import/Export Server Configuration Backup/Restore Improved Patch Management IIS WMI Provider Command Line/Script Administration Web-based Administration Console Logging

30. Configuration Metabase: Before IIS 6.0 Hierarchical store of IIS configuration information Enables Inheritance Data typing Change notification Security IIS 4.0/IIS 5.0 storage is proprietary binary file Metabase.bin Not easy to read or edit Admin UI Active Directory Service Interface (ADSI) Admin Base Object metabase.bin

31. Configuration Metabase: IIS 6.0 XML Metabase Metabase now stored in XML Plain text file Change configuration while server is running Automatic backup with version control Application configuration exportable and importable from file Import/Export configuration Server-independent backups Admin Base Objects UI WMI ADSI Metabase.xml MBSchema.xml

32. XML Metabase Advantages Easier to: Diagnose metabase corruption Extend existing metabase schema through XML Read/edit current metabase configuration directly Completely compatible with existing APIs and ADSI Existing binary metabases upgrade to XML cleanly Better performance/scalability „Faster” read times than IIS 5.0 binary metabase Equivalent write performance to IIS 5.0 binary metabase

33. Change Configuration While Running Metabase can be modified while IIS 6.0 is running To enable, select “Enable Direct Metabase Edit” Does not require server restart Can use any text editor—Notepad.NET, PERL, etc

34. Metabase Save Options Frequency Save event scheduled 60 seconds after last change At save event, if the number of writes since the first change exceeds 30, the save event is deferred 60 seconds If deferring continues, metabase save occurs 5 minutes from first change What happens Data saved to metabase.xml WWW Service URL to application pool tables updated

35. Metabase Import/Export Export/import metabase config to/from XML Options include Export/Import inherited properties Export/Import node only (or entire subtree) Password encrypt exported file

36. Server Independent Backup/Restore New capabilities in IIS 6.0 Backup with password Automatic backups

37. UTF-8 Logging Support IIS 6.0 now supports writing log files in UTF-8 instead of ASCII or local codepage Configurable at the WWW service level

38. Binary Logging Allows for more than 10,000 sites to write to a single log file in a binary, non-formatted manner Improved performance because data does not need to be formatted Provides several scalability benefits Reduction in the number of log file buffers needed Post-process log file to extract the log entries Allows for the use of custom tools to process binary log files Format of the log entries and file published

39. Logging of HTTP Substatus Codes IIS returns substatus codes for specific types of problems Request cannot be served because required application has not been unlocked (for example, ASP by default on clean installations) The client receives 404 error IIS actually generates a 404.2 error Errors now logged to W3C and binary log files

40. Performance and Scalability Features Kernel-mode Caching Resource Accounting and Quality of Service (QoS) Site Scalability Idle Timeout and Demand Start ASP.NET and IIS 6.0 Integration

41. Kernel-mode Caching Cached responses served straight from HTTP.sys Can double speed No user-mode transition Applications will not see requests if served from cache Static and dynamic content Smart caching Request Response W3WP.EXE (IIS6.0) HTTP SYS Cache ASP.NET/CLR User Application User Kernel Network Stack

42. Web Gardens and Processor Affinity Web Gardens Application pool with multiple worker processes Connection-based routing within garden Processor Affinitization Bind processes to one or more CPUs Mask-based configuration HTTP.sys Web Garden Application Pool WWW Servi ce Worker Process ISAPI Extension ISAPI Extension ISAPI Filter

43. Resource Accounting and Quality of Service (QoS) Ensures that components or content do not monopolize server resources Allows administrator to control resources used by sites, application pools, WWW service, and so on Ensures quality of service that other services/sites/applications on the system receive by limiting the resources consumed by particular Web sites/applications, and/or the WWW service itself QoS features: Connection limits Connection timeouts Application pool queue length limits Bandwidth throttling Process accounting Memory-based recycling

44. Site Scalability Targeting many thousands of sites per machine Current suggested maximum is 20000 sites Re-architected Startup/Shutdown routines for lazy site initialization Centralized, binary logging Option to have one central log file per computer rather than tens of thousands when doing dense hosting

45. Other Platform Improvements 64-bit support Code base compiled for 32-bit and 64-bit platforms Internet Protocol version 6 (IPv6) Support Production-ready IPv6 stack If IPv6 protocol stack is installed, IIS 6.0 will automatically handle HTTP requests that arrive over IPv6 Granular Compression On congested network, useful to compress responses In IIS 5.0, compression was an ISAPI filter and could only be enabled for the whole server IIS 6.0 allows file level compression

46. Security Features Locked down by default Multiple levels of security Unlocking Functionality Application Isolation Network Service Account SSL v3 Improvements Configurable Worker Process ID Passport Authentication Windows Server 2003 Authorization Framework Constrained Delegated Authentication FTP Security Features

47. Locked Down By Default IIS is not installed by install or upgrade default Except on Windows Server 2003, Web Edition When initially installed, only requests for static content allowed by default For example: HTML, text,.jpg,.bmp No ASP, ASP.NET, CGI, or other dynamic content is allowed (unless ASP or ASP.NET has been installed) Aggressive, secure default timeouts Additional content types must be specifically enabled Group Policy can be used to prevent IIS installs on workstations or inappropriate servers

48. Multiple Levels of Security IIS only serves recognized file extensions Unrecognized extensions are refused File verification Server verifies that content exists before giving request to request handler (ISAPI extension) Buffer overflow protection Worker process detects and exits program if buffer overflow detected Command-line tools inaccessible to Web users Upload data limitations defined by administrators

49. Multiple Levels of Security Write-protected content Anonymous users cannot modify content Access Control List (ACL) settings Command line files Content Logfiles Custom error directory On cache directories No executable virtual directories /SCRIPTS and /MSADC

50. Unlocking Functionality In default install, administrator must manually enable: ISAPI CGI ASP ASP.NET FPSE WebDAV Server Side Includes Enable using command-line, script, or GUI

51. Application Isolation One IIS 6.0 server can securely host many Web sites and applications Application pools provide unit of isolation Isolation is achieved through: Configurable worker process identity Bandwidth and CPU throttling Memory-based recycling

52. Configurable Worker Process Identity Each worker process can be run as Network Service Local System Local Service Configured ID IIS_WPG New user group IIS resource ACLs configured for this group

53. Network Service Account New built-in account Very few privileges Adjust memory quotas for a process Generate security audits Logon as a service Replace process level token Impersonate a client after authentication Allow logon locally Access this computer from the network Provides additional security because worker processes have few rights

54. SSL Improvements Performance Faster and more scalable than IIS 5.0 Remotable Certification Object In IIS 5.0, could not remotely manage SSL certificates because CSP is not remotable CertObject allows remote certificate management Selectable Crypto-Service Provider Enables easy selection of third-party Crypto application programming interface (CAPI) providers Hardware SSL accelerators

55. SSL Improvements SSL StreamFilter is hosted in LSASS.exe process (can give up to 25% throughput gains in SSL loads) Aggressive SSL thread pool Significant performance work on multiprocessor machines Increases up to 2X for some workloads on 8P computers

56. Microsoft Passport Authentication Integrated with Windows Server 2003 Can assign permissions to resources with Passport accounts Map Passport credentials to Microsoft Active Directory® accounts

57. Windows Server 2003 Authorization Framework IIS 5.0 authorization model is resource-ACL based Object-oriented permissions Web applications are operation/task-driven, not object-driven Application had to provide operation/task access control IIS 6.0 extends the Windows Server 2003 authorization framework URL-specific authorization Authorization Manager Application-specific access

58. FTP Security Features IIS 6.0 isolates users into their own directories Locks user’s FTP session to a directory under FTP root Authenticates using local or domain account Using Active Directory account Using local account Anonymous access with user isolation

59. FTP Security Features Isolation levels Compatibility/ no isolation Small business/ stand-alone isolation Enterprise isolation using Active Directory integration