1. virtual techdays INDIA │ 18-20 august 2010 IIS 7/7.5 Tips & Tricks Jaskirat Singh │ Technical Lead [IIS|Asp.Net team], Microsoft

2.  IIS 7 /7.5 Architect changes  IIS 6 Architect flashback  IIS 7 features/modular approach  Tip & Tricks  Enabling SSL on IIS 7.0 Using Self-Signed Certificates  Kernel Mode SSL And Authentication  FTP over SSL  New Management API/ APPCMD tool Demo  Running 32 bit and 64 bit worker process side by side on same server virtual techdays INDIA │ 18-20 august 2010 S E S S I O N A G E N D A

3.  App pool identity feature  Server Core – No User interface  IIS Remote management /Feature delegation  Allow Non-Admins to manage IIS remotely  App warm Module for cold start  Can be used to avoid initial start up time  Troubleshooting using FREB virtual techdays INDIA │ 18-20 august 2010 IIS 7/7.5 Tip & Tricks continue…

4. IIS 6.0 Features  Worker process isolation mode  Health monitoring  Worker process recycling  Rapid-fail protection  XML based Metabase  Manage using WMI and ADSI  Tight security by default lock down  Enhanced logging mechanism  HTTP.sys logging  Performance and Scalability  Web gardens, Processor affinity, Ideal timeout, CPU Monitoring  Troubleshooting using ETW virtual techdays INDIA │ 18-20 august 2010 IIS 6 Quick Flash Back

5. IIS 6.0 Architecture virtual techdays INDIA │ 18-20 august 2010

6. IIS 7.0/7.5 Architecture IIS 7 -> win 2k8/Vista IIS 7.5 -> win 2k8 R2/Win 7 virtual techdays INDIA │ 18-20 august 2010

7.  IIS 7.0 leverages the reliability and security-focused architecture of IIS 6.0  Modular Web server  40 different components  Individual installation of each component  Role specific Web server deployment  Extensible architecture  ASP.NET integration  Form Authentication and URL authorization for static files (.htm,.css etc) and.asp pages  Eliminates duplication of features  Common IIS and ASP.NET configuration file  Enhancement in hosting FastCGI application such as PHP  Distributed configuration system  Enhanced diagnostics and troubleshooting using Failed Request Tracing[FREB] virtual techdays INDIA │ 18-20 august 2010

8. virtual techdays INDIA │ 18-20 august 2010

9. IIS 7.0/7.5 Architecture virtual techdays INDIA │ 18-20 august 2010

10. IIS 7 Using Self Signed certificate feature  With IIS 6, it was difficult to generate certificate even for testing purpose.  Earlier We’ve submit to cert request to Local CA for self signed certificate.  But IIS 7.0 makes it radically easier to configure and enable SSL. IIS 7.0 also now has built-in support for creating "Self Signed Certificates" that enable you to easily create test/personal certificates that you can use to quickly SSL enable a site for development or test purposes. virtual techdays INDIA │ 18-20 august 2010

11. Kernel Mode SSL  Kernel Mode SSL[IIS7 kernel mode SSL is going to be the default setting and the only setting]  This give Tremendous performance gain in terms of context switching virtual techdays INDIA │ 18-20 august 2010

12. Kernel Mode Windows Authentication  On IIS 7 Windows Authentication is by default configured to run in kernel mode  When set it takes care of SPN setting for kerberos. But exceptions are there to the rule. virtual techdays INDIA │ 18-20 august 2010

13. virtual techdays INDIA │ 18-20 august 2010 DEMO: Kernel Mode Auth / Creating Self signed certificates Jaskirat Singh │ Technical Lead, Microsoft

14. Management Api And APPCMD tool  IIS management (API) allows complete manipulation of the XML configuration files and convenience access to server objects  The management classes reside in the Microsoft.Web.Administration namespace Example : Create New Website using System; using System.Collections.Generic; using System.Text; using Microsoft.Web.Administration; namespace MSWebAdmin_Application { class Program { static void Main(string[] args) { ServerManager serverManager = new ServerManager(); Site mySite = serverManager.Sites.Add("Racing Cars Site", d:\\inetpub\\wwwroot\racing", 8080); mySite.ServerAutoStart = true; serverManager.CommitChanges(); } virtual techdays INDIA │ 18-20 august 2010

15. Management Api And APPCMD tool  AppCmd.exe is the single command line tool for managing IIS 7  Some of the things you can do with AppCmd:  Create and configure sites, apps, application pools, and virtual directories  Start and stop sites, and recycle application pools  List running worker processes, and examine currently executing requests  Search, manipulate, export, and import IIS and ASP.NET configuration virtual techdays INDIA │ 18-20 august 2010

16. virtual techdays INDIA │ 18-20 august 2010 DEMO: Management API and APPCMD Jaskirat Singh │ Technical Lead, Microsoft

17. Running 32 bit and 64 bit worker process side by side on same server  On Windows X64 bit you can run either worker process [w3wp.exe] either in 32 bit OR 64 bit but not the both on the same time  Good New on IIS 7.x, We can run 32 bit and 64 bit worker process on same time.  You can change the config manually or through UI or using appcmd  Using Appcmd:  appcmd set apppool /apppool.name:MyAppPool32bit /enable32BitAppOnWin64:true  appcmd set apppool /apppool.name:MyAppPool64bit /enable32BitAppOnWin64:false virtual techdays INDIA │ 18-20 august 2010

18. IIS 7 Application Pool Identities Worker processes in IIS 6.0 run as NETWORKSERVICE by default.[It was low privilege account]  Why ApplicationPoolIdenity in IIS7 ? As more and more Windows system services started to run as NETWORKSERVICE. This is because services running as NETWORKSERVICE can tamper with other services that run under the same identity. Because IIS worker processes run third-party code by default (Classic ASP, ASP.NET, PHP code), it was time to isolate IIS worker processes from other Windows system services and run IIS worker processes under unique identities. For every Application Pool you create, the IIS Admin Process (WAS) will create a virtual account with the name of the new Application Pool and run the Application Pool's worker processes under this account. Represented as "IIS AppPool\DefaultAppPool" However, the identity is not a real user account; it will not show up as a user in the Windows User Management Console virtual techdays INDIA │ 18-20 august 2010

19. Server Core  Minimal Installation option for windows 2008  Available for X86 and X64  No User interface. Only CMD  Core sub system: Security Logon,networking(TCP/IP),file system etc  Basic set of management tools: Configure ip address, create users,notepad,taskmgr  Less patches  60% less than win 2000  More Secure, Reliable and Less Management virtual techdays INDIA │ 18-20 august 2010

20. IIS 7/7.5 Remote management And Feature delegation Prerequisites for Remote management  IIS 7.0 on Windows Server® 2008 or IIS 7.5 on Windows Server 2008 R2 The default IIS 7 installation options do not include the Management Service (also referred to as the Web Management Service (WMSVC)), which is required for remote administration  Only Windows Administrator can connect remotely to “Server” Level and not the IIS User  You can connect to IIS 7/7.5 remotely from Win XP SP-2 / Windows 2003 Sp-1 and Windows 7 after installing IIS Remote Manager  For enabling Write permission for any feature you’ve to configure permission and file ACLs  For IIS Manager User (NT Service\WMSVC by default).  For each Windows user or group virtual techdays INDIA │ 18-20 august 2010

21. virtual techdays INDIA │ 18-20 august 2010 DEMO: IIS 7 Remote management And Feature Delegation Jaskirat Singh │ Technical Lead, Microsoft

22. App Warm Up Module  Improving site performance  Individual pages run faster  Hide start-up cost for a cold application  Application Warm-Up Module in IIS 7.5 allows applications to automatically start without a request  This helps us reduce the initial warm-up time for applications on the first request. virtual techdays INDIA │ 18-20 august 2010

23. virtual techdays INDIA │ 18-20 august 2010 DEMO: App warm Up Module Jaskirat Singh │ Technical Lead, Microsoft

24. Troubleshooting using FREB  It helps to figure out what exactly is happening with your request.At what point it failed.  It can be used to measure performance of the request  It can help in figuring out Module loading and executing order virtual techdays INDIA │ 18-20 august 2010

25. virtual techdays INDIA │ 18-20 august 2010 DEMO: Enabling FREB Tracing Jaskirat Singh │ Technical Lead, Microsoft

26. virtual techdays THANKS │ 18-20 august 2010 Jaskirat.singh@microsoft.com │ http://blogs.msdn.com/jaskishttp://blogs.msdn.com/jaskis