Kochhar LexServe Pvt. Ltd.
Brought to you: a considered solution of IIS for trouble handling with applications and websites.
By Manish Kumar, Web Server Administrator, Kochhar LexServe Pvt. Ltd.
TechEd 2002
Agenda
- IIS 6.0 – an overview
  - Reliability – a new process model
  - Security
  - Performance and scalability
  - Improving manageability
- Considerations
- Resources
- Q&A
Reliability – A New Architecture for IIS 6.0
- GOAL: permit complete application isolation from other Web applications and the core Web server
- Web service functionality in INETINFO split out to do this:
  - HTTP.sys: kernel-mode listener and request router
  - W3SVC: now the configuration and process manager
  - W3Core: where Web applications are processed
- Multiple W3Core DLLs loaded into W3WP.exe files
- Two process model modes:
  - [Default] worker process isolation mode
  - IIS 5.0 isolation mode
[Diagram: W3SVC, W3Core and the Web app in user mode; HTTP.SYS in kernel mode]
Reliability – A Reminder: Process Model for IIS 5.0
[Diagram: IIS 5.0 process model. In user mode, INETINFO.exe hosts the metabase, W3SVC, ftp/smtp/nntp, ISAPI filters and in-proc apps; pooled OOP apps share one DLLHOST.exe; each isolated OOP app runs in its own DLLHOST.exe; ASP.NET apps run as .NET app domains inside ASPNET_WP.exe. Winsock sits at the user/kernel boundary.]
Reliability – IIS 6.0 Worker Process Isolation Mode
[Diagram: HTTP.SYS in kernel mode. In user mode, INETINFO.exe hosts the metabase and ftp/smtp/nntp; SVCHOST.exe hosts W3SVC (W3 Config Mgr and W3 Process Mgr); each application pool is served by its own W3WP.exe hosting W3Core, ISAPI filters and all apps (no OOP), with ASP.NET apps as .NET app domains.]
Reliability – Application Pools
- Can create one or more application pools
- Each served by one or more W3WP.exe files
- Each W3WP.exe serves only one pool
- Requests routed directly to the pool by HTTP.sys
- Isolate applications based on:
  - Site/customer
  - Functionality
  - Reliability
Reliability – Periodic Process Recycling
- What is it?
  - Periodically restart applications based on:
    - [Default] uptime
    - Number of requests
    - Scheduled time
    - Memory consumption
    - On demand
- Why use it?
  - Refresh applications to ensure availability
  - Prevent bad applications from taking over the system
- Effect on applications
  - In-process state or cache lost on recycle
  - Possible multi-instance issues
Reliability – Self-Healing Architecture
- Health check (pinging) – what is it?
  - Designed to detect W3WP.exe thread deadlock
  - Will engage if there are no threads in W3WP.exe available to respond in time
- How does it work?
  - W3SVC will “ping” each W3WP.exe
  - Process has a configured time limit to respond
  - If no response within the time limit:
    - Default: kill the process, publish an event, and start a new process
    - Or: can be configured to take a configured action on the process => “orphaning”
- ASP and ASP.NET use the ping to request a recycle if they are unhealthy
Reliability – Crash Detection and Recovery
- W3SVC detects a W3WP.exe “crash”
- W3SVC will start a new W3WP.exe if there is demand
- Requests queued in HTTP.sys while the new W3WP is started
- Net effect: no interruption in service
- Rapid fail protection
  - Only allow x crashes in y minutes
  - Automatically stop the pool if this value is exceeded – 503s to requests for this pool
Reliability – Application Considerations
- Design applications to be recycled
  - Persist state/caches external to the host process
  - For ASP.NET, use the external session state service or Microsoft® SQL Server™ to store state
- Be aware of multi-instance issues; may be encountered during:
  - Recycles – overlap by default, but can disable overlap recycle or recycling altogether
  - Two application pools loading the same application code – if unable to change code, assign all URLs to the same pool
- “IIS 5-isms” – dependencies on IIS 5.0 behaviors
  - Running as LocalSystem
  - Global data filters
  - If the above cannot be worked around, run IIS 6.0 in IIS 5.0 isolation mode (loads W3Core into INETINFO, same as IIS 5.0 OOP)
Security on IIS 6.0 – Secure on Installation
- Clean installation
  - IIS not installed on a clean install by default
  - Use the Configure Your Server Wizard to install the application server role – installs:
    - IIS 6.0
    - FPSE (not enabled)
    - ASP.NET (not enabled)
- Upgrade installation
  - W3SVC disabled unless URLScan is installed before the upgrade
Security on IIS 6.0 – Attack Surface Reduced
- Restriction list
  - Only execute requests for “allowed” extensions and CGIs
  - No extensions or CGIs allowed by default
  - 404.2 returned if request is for a “prohibited” extension or CGI
  - Use the Web Service Extensions node in MMC to “allow” and “prohibit” extensions and CGIs
- Known file extensions
  - Only serve requests that are defined in MIMEMAP
  - 404.3 for requests not in MIMEMAP
- Considerations
  - If using Visual Studio® .NET – define .tmp files in MIMEMAP
  - Visual Studio .NET to fix this in SP1
Security in IIS 6.0 – Configurable Worker Process Identity
- Worker process can be started as:
  - Network Service (default)
  - Local System
  - Local Service
  - Configured ID
- IIS_WPG
  - New user group
  - IIS resources put into an ACL for this group
  - Will get 503s if the configured account is not part of IIS_WPG
- Considerations
  - Passport Active Directory® mapping requires Local System
  - Kerberos might require additional configuration for this ID
Security in IIS 6.0 – Secure Changes from IIS 5.0
- Sub-authentication is not installed by default on clean installations
  - Effect = passwords might expire for the IWAM and IUSR accounts
  - Solution = must install SubAuth or come up with your own synchronization scheme
- URLs restricted to a maximum length of 16 KB with more restrictive parsing (no special chars, etc.)
- Content in Inetpub is now overwrite protected
- Command-line tools limited to the Administrators group only
Security in IIS 6.0 – Recommendations
- Do a clean installation vs. upgrade – more secure by default
  - No lockdown tool yet for IIS 6.0 to handle the upgrade case
- Run application pool W3WP.exe files as Network Service (default)
- Only “allow” extensions that are vital to all applications; prohibit everything else to reduce attack surface
- Check IIS hit logs and the HTTPERR log
  - IIS hit logs – substatus codes logged for W3C and binary-formatted files
  - HTTPERR – detail on the reason for 503s and connection terminations
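To act on the last recommendation above, a script can pull the substatus out of the W3C hit log (404.2 = prohibited extension, 404.3 = not in MIMEMAP) and the reason code out of HTTPERR (503/AppOffline = rapid fail protection stopped the pool). This is an added example, not part of the presentation: the log lines are constructed, and the field layouts follow the default IIS 6.0 hit log and HTTP.sys HTTPERR formats.

```python
from collections import Counter

# Constructed sample lines in the IIS 6.0 W3C extended format (hit log) and the
# HTTP.sys HTTPERR format; hosts, URIs and timestamps are invented for this demo.
HIT_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2002-09-10 19:00:01 10.0.0.20 GET /default.htm - 80 - 10.0.0.5 Mozilla/4.0+(compatible) 200 0 0
2002-09-10 19:00:02 10.0.0.20 GET /scripts/old.exe - 80 - 10.0.0.5 Mozilla/4.0+(compatible) 404 2 0
2002-09-10 19:00:03 10.0.0.20 GET /build/site.tmp - 80 - 10.0.0.5 Mozilla/4.0+(compatible) 404 3 0
2002-09-10 19:00:04 10.0.0.20 GET /app/page.asp - 80 - 10.0.0.5 Mozilla/4.0+(compatible) 200 0 0
"""

HTTPERR_LOG = """#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2002-09-10 19:30:01 10.0.0.5 2105 10.0.0.20 80 HTTP/1.1 GET /app/default.aspx 503 1 AppOffline DefaultAppPool
2002-09-10 19:30:02 10.0.0.5 2106 10.0.0.20 80 HTTP/1.1 GET /app/default.aspx 503 1 AppOffline DefaultAppPool
2002-09-10 19:30:09 10.0.0.7 3310 10.0.0.20 80 - - - - - Timer_ConnectionIdle -
"""

def parse_w3c(text):
    """Turn a W3C-style log (both formats above use it) into a list of dicts keyed
    by the names in the most recent #Fields: line; other # lines are directives."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split())))
    return rows

def blocked_requests(hit_log):
    """URIs the server refused because of the restriction list (404.2) or a
    missing MIMEMAP entry (404.3): the substatus, not the 404, says which."""
    return [(r["cs-uri-stem"], r["sc-substatus"]) for r in parse_w3c(hit_log)
            if r["sc-status"] == "404" and r["sc-substatus"] in ("2", "3")]

def outage_reasons(httperr_log):
    """Count why HTTP.sys answered or dropped requests itself, keyed by status,
    reason and queue; 503/AppOffline means rapid fail protection stopped the pool."""
    return Counter((r["sc-status"], r["s-reason"], r["s-queuename"])
                   for r in parse_w3c(httperr_log))
```

A 404.3 against a .tmp file is the Visual Studio .NET case from the attack-surface slide; a burst of 503/AppOffline for one queue name tells you which application pool tripped rapid fail protection.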
Performance in IIS 6.0 – Caching Responses in HTTP.SYS
- Cached dynamic content served straight from HTTP.SYS
  - Could run at double speed when served from the kernel – no user-mode transition
  - Your applications will not see requests if served from the cache
- Static files cached by default
  - Smart caching – only “hot” static content cached
- Invalidation API callback
  - Also leverage the “Expires” header to automatically set a “staleness” timeout for cached responses
- Considerations
  - Use for dynamic responses if they can be “stale” for a period of time
  - Lessens load on the Web server if the response can be served from the cache
  - ASP.NET => use the OutputCache Location=“Server” directive to mark a response as cacheable
Performance in IIS 6.0 – Capacity Planning Tracing
- Hooks at key positions during the request lifetime, from start of request to final send of response:
  - HTTP Start, Route, Cache Hit, End
  - ISAPI Filter Start/Stop (filter name, notification)
  - ISAPI Extension Start/Stop
  - ASP Start/Stop
  - ASP.NET Start/Stop
- Useful in debugging as well – where is my request blocked?
- Customer example
  - Uses this to find high CPU-usage pages
  - Also used to diagnose where the delay is
Performance in IIS 6.0 – Web Gardens and Processor Affinity
- Application pool Web Gardens
  - Application pool with more than one worker process
  - Connection-based routing within the garden
- Processor affinitization
  - Bind application pool processes to one or more CPUs
  - Mask-based configuration
- Considerations
  - Possible multi-instance issues
  - Recycling – possibly all at once
  - Affinitization
    - Create virtual silos of work on large MP boxes
    - Affinitize based on MP architecture (bind to CPUs on the same pod)
[Diagram: one application pool served by three W3WP.exe processes, each hosting W3Core, ISAPI filters and all apps (no OOP); SVCHOST.exe hosts W3SVC (W3 Config Mgr and W3 Process Mgr); HTTP.SYS in kernel mode]
Performance in IIS 6.0 – Idle Timeout and Demand Start
- Idle timeout
  - Time out and shut down a process if it is idle for a given period of time
  - Frees resources for active applications
  - Applications still available even if the worker process idles out and is shut down!
- Demand start
  - Only start a worker process if there is demand for the application pool
- Considerations
  - Use idle timeout to free resources for other heavy-use applications
  - Consider disabling idle timeout if application startup takes a long time
  - Note: will cause idle processes to terminate – loss of in-memory cache
Manageability in IIS 6.0 – Metabase Improvements
- XML metabase
  - Metabase now stored in XML
  - Auto-versioning: like an automatic backup
- Edit while running
  - Make changes directly to the Metabase.xml file while IIS is running
  - Any editor can be used – Notepad, .NET, PERL, etc.
- Considerations
  - Safer and more secure to use ADSI or the UI to make changes to the metabase
  - Note: Metabase.bin still exists, but only as a stub file for legacy backup applications
[Diagram: ADSI and the UI go through the Admin Base Objects to Metabase.xml and MBSchema.xml]
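The recycling, pinging, rapid fail protection and worker process identity settings from the reliability and security slides above all live as attributes in Metabase.xml, so a read-only pass over that file is one way to check a box against the deck's recommendations without editing it. This is an added example, not part of the presentation: the Metabase.xml fragment is constructed, the defaults assumed where an attribute is absent are the IIS 6.0 ones, and pool-level attributes are taken to override those on the IIsApplicationPools parent.

```python
import xml.etree.ElementTree as ET

# Constructed Metabase.xml fragment: element and attribute names follow the
# IIS 6.0 metabase schema, but the pools and their values are invented here.
SAMPLE_METABASE = """<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsApplicationPools Location="/LM/W3SVC/AppPools" AppPoolIdentityType="2"
    PingingEnabled="TRUE" RapidFailProtection="TRUE" PeriodicRestartTime="1740"
    PeriodicRestartRequests="0" PeriodicRestartMemory="0" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/LegacyPool"
    AppPoolIdentityType="0" PingingEnabled="FALSE" PeriodicRestartTime="0" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/CustomPool"
    AppPoolIdentityType="3" WAMUserName="SRV\\webapp" RapidFailProtection="FALSE" />
</MBProperty>
</configuration>"""

def audit_app_pools(xml_text):
    """Return [(pool location, finding), ...] for pools whose settings weaken
    the least-privilege and self-healing defaults described in the deck."""
    root = ET.fromstring(xml_text)
    inherited, pools = {}, []
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]   # drop the xmlns prefix
        if name == "IIsApplicationPools":
            inherited = dict(el.attrib)    # values every pool inherits
        elif name == "IIsApplicationPool":
            pools.append(el)
    findings = []
    for pool in pools:
        cfg = {**inherited, **pool.attrib}  # pool-level attributes override
        loc = cfg["Location"]
        # AppPoolIdentityType: 0=LocalSystem 1=LocalService 2=NetworkService 3=SpecificUser
        ident = cfg.get("AppPoolIdentityType", "2")
        if ident == "0":
            findings.append((loc, "worker process runs as LocalSystem"))
        elif ident == "3":
            findings.append((loc, f"custom identity {cfg.get('WAMUserName', '?')}; confirm it is in IIS_WPG"))
        if cfg.get("PingingEnabled", "TRUE").upper() == "FALSE":
            findings.append((loc, "health pinging disabled; a deadlocked W3WP.exe will not be detected"))
        if cfg.get("RapidFailProtection", "TRUE").upper() == "FALSE":
            findings.append((loc, "rapid fail protection disabled; a crash-looping pool is never stopped"))
        if (cfg.get("PeriodicRestartTime", "1740") == "0"
                and cfg.get("PeriodicRestartRequests", "0") == "0"
                and cfg.get("PeriodicRestartMemory", "0") == "0"
                and not cfg.get("PeriodicRestartSchedule")):
            findings.append((loc, "periodic recycling disabled on every trigger"))
    return findings
```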
Manageability in IIS 6.0 – Metabase Improvements: Import/Export
- Export/import metabase configuration to/from XML
- Options include:
  - Export/import inherited properties
  - Export/import node only (or entire subtree)
  - Password-encrypted exported file
- Use with ASP.NET XCOPY deployment of applications
  - Export the IIS 6.0 metabase configuration for the .NET application
  - Store it in the .NET application directory
  - Import the application metabase configuration file after XCOPY
[Diagram: Admin Base Objects, ADSI and the UI in front of Metabase.xml and MBSchema.xml]
Manageability in IIS 6.0 – WMI Provider and New Command Line Tools
- WMI provider
  - Query support
  - Associations
  - Scriptable
- New command-line tools
  - Task-based approach
  - Supported tools – currently in %windir%\system32
  - Based on the WMI provider
  - Example: use IISCNFG.vbs as part of a .NET application migration strategy between two IIS 6.0 boxes
[Diagram: command line tools, ADSI, WMI and the UI all go through the Admin Base Objects to Metabase.xml and MBSchema.xml]
Summary
IIS 6.0 was made better by making Web applications more:
- Secure
- Reliable
- Scalable
- Manageable
Resources
- IIS 6.0 Overview on TechNet:
- IIS 6.0 Technical Overview:
Kochhar LexServe Pvt. Ltd.
Thank you for joining. For any doubt or query in future about IIS 6.0, please visit:
Your feedback is sincerely appreciated. Please send any comments or suggestions to the given address: