IIS 7.0: End to End Overview
Drew Robbins
Developer Evangelist
Microsoft Corporation
Today’s Agenda…
IIS 6.0 Pillars: Let’s review…
To the next level, IIS 7.0 Pillars
Security & IIS 7.0
Extensibility: What to know
Brand new Configuration
Managing your IIS 7.0 Systems
Troubleshooting & Diagnostics
Summary
IIS 6.0 Pillars: Let’s Review…
Security
Secure by default
Secure by design
Secure in deployment
Reliability
Fault tolerant architecture
Health monitoring
Intelligent queuing
Scalability
Scale-up/scale-out
Kernel-mode caching
Integrated application platform
System Management
XML-based configuration
Command line administration
Remote administration
To the Next Level, IIS 7.0 Pillars…
Security
Extensibility
Customized, Componentized Web Server
Reduced management of Patches
URLScan built-in Functionality
Brand new Win32 API
Integrated support for IHttpModules (ASP.NET)
Distributed, delegatable configuration
Rich Extensibility
Integrated Configuration for Web Platform
IIS 7.0
Config
Scalability
System
Management
Innovative, Brand-new IIS Manager
AppCmd.exe: Command line administration
Http & Https Remote administration
Diagnostics
Brand-new State API
Easy-to-setup & Use Failed Request Tracing
IIS & ASP.NET Integrated Diagnostics
Reliable
Secure
Security & IIS 7.0
Custom, Componentized Web Server
Reduce Patch Management
Built-in URLScan
Security & IIS 7.0: Footprint of the Past
FTP Service
Admin Tool
WWW Service
Scripts Directory
Remote Desktop ActiveX
Printers Virtual Directory
FrontPage 2000 Srv Ext
Common Files
Security & IIS 7.0: Piece-by-Piece Deployments
Common HTTP Web Server Components: StaticFileModule, DefaultDocumentModule, DirectoryListingModule, HttpRedirect, CustomErrorModule
Windows Process Activation Service: ProcessModel, NetFxEnvironment, ConfigurationAPI
Security: BasicAuthModule, DigestAuthModule, WindowsAuthModule, CertificateAuthModule, AnonymousAuthModule, IPSecurityModule, UrlAuthorizationModule, RequestFilteringModule
Application Development: NetFxExtensibility, ISAPIModule, ISAPIFilterModule, CGIModule, ServerSideIncludeModule, ASP, ASP.NET
Health and Diagnostics: HttpLoggingModule, CustomLoggingModule, RequestMonitorModule, HTTPTracingModule, ODBCLogging, LoggingLibraries
Performance: Static Compression, Dynamic Compression
Management: ManagementConsole, ManagementScripting, ManagementService, Metabase, WMICompatibility, LegacyScripts, LegacySnap-in
FTP Publishing: FTP Server, FTP Management
Lightweight Processes with IIS 7
Drew Robbins
Developer Evangelist
IIS Product Unit
Security & IIS 7.0
Slim & Efficient
Install only the components you need
Reduce attack surface to minimum
Five times more granular than existing IIS versions
Servicing and patching on a per component basis
If you don’t install it, you won’t need to patch it
Extensibility in IIS 7.0
A review: Extensibility in IIS 6
Re-built Core Server with new Win32 API
Full IIS Pipeline support for ASP.NET 2.0
Extensibility & IIS 7.0
Internet Server API (ISAPI)
ISAPI Filters
ISAPI Extensions
Pitfalls:
Big Learning Curve for new & experienced Developers
Lacks support for Managed Code Developers
Locked, static set of APIs not easily expanded from release to release
Today’s “Request Pipeline”
[Diagram: IIS 6.0 request processing inside w3wp.exe, fed by http.sys and w3svc]
ISAPI Filter Notifications: Pre-proc headers, url map, auth’c req, log, End net session
Server stages: authentication, url map, determine handler, custom errors, compression, logging
Handlers: cgi, static file, Isapi exts
aspnet_isapi.dll IHttpModule Events: begin req, auth’c req, auth’z req, resolve cache, handler map, handler exec, rel req state, update req cache, end req
IHttpHandlers: Trace.axd, PageHandler
The New Merged IIS7 Pipeline
[Diagram: a single pipeline fed by http.sys and WAS]
Pipeline stages: begin → authenticate → authorize → resolve cache → map handler → acquire state → pre-execute handler → execute handler → release state → update cache → log → end
Native modules (Native Module): basic auth, digest auth, windows auth
Managed modules (IHttpModule): url auth’z, role mgr, forms auth
Native Handler: static file, isapi ext
IHttpHandler: *.aspx, trace.axd
Rip ‘er out and Replace
Extensibility & IIS 7.0
Core Server
Brand new Win32 Native Interface
ALL IIS modules written using this interface
Unlike ISAPI, IIS team uses this very API just like you will
Full ASP.NET 2.0 Support
IHttpModule interface available TODAY is supported
ASP.NET 2.0 Handlers run exactly as they do today
Configuration
Fully extensible using XML schema files
IIS Manager (User Interface)
Using .NET 2.0, extend IIS Manager capabilities
Diagnostics
Add your events directly into our pipeline
Brand New Configuration in IIS 7.0
Distributed Configuration for IIS & ASP.NET
Fully non-administrative delegation
IIS & ASP.NET Configuration: Side-by-Side
Configuration & IIS 7.0
Metabase: Going, going, … GONE!
Old metabase pushed to new configuration
Property names stay the same
Central File: ApplicationHost.config
Strongly typed Schema
Uses ASP.NET semantics for .config files
Full Distributed Configuration
Use only ApplicationHost.config using IIS 7 defaults
Unlock: Give application developers control of
individual sections, collections, elements, and more!
Configuration & IIS 7.0
Metabase Inheritance
Repetitive
Large collections of Multi-strings (multi-sz) & Flags
IIS 7 Distributed Configuration
Clear actions: Add, Remove, Clear, etc.
Only modify what you don’t want inherited
<!-- Metabase.xml file -->
<IIsWebService
  Location ="/LM/W3SVC"
  ScriptMaps=".asp,D:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
    .idc,D:\WINDOWS\system32\inetsrv\httpodbc.dll,5,GET,POST
    .shtml,D:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST"
  … (other properties here)
>
</IIsWebService>
<IIsWebVirtualDir
  Location ="/LM/W3SVC/1/ROOT"
  ScriptMaps=".asp,D:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE
    .idc,D:\WINDOWS\system32\inetsrv\httpodbc.dll,5,GET,POST
    .shtml,D:\WINDOWS\system32\inetsrv\ssinc.dll,5,GET,POST
    .aspx,D:\WINDOWS\Microsoft.NET\Framework\v2.0.x86chk\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG"
  … (other properties here)
>
</IIsWebVirtualDir>

<!-- ApplicationHost.config -->
<handlers>
  <add path="*.asp" modules="Asp" checkPathInfo="true" verb="GET,HEAD,POST" />
  <add path="*.stm" modules="ServerSideIncludeModule" checkPathInfo="true" verb="GET,POST" />
  <add path="*.exe" modules="CGIModule" checkPathInfo="true" verb="GET,POST" />
</handlers>

<!-- Web.Config in Application Root -->
<handlers>
  <add path="*.aspx" modules="aspnet" checkPathInfo="false" verb="GET,POST" />
</handlers>
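The Add / Remove / Clear inheritance described above can be checked by computing the handler set an application actually ends up with. This is an added example, not code from the presentation: the two XML snippets are constructed samples using the slide's attribute names, and keying entries on `path` is an assumption made for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: server-level handlers, using the slide's attribute names.
APPLICATION_HOST = """
<handlers>
  <add path="*.asp" modules="Asp" verb="GET,HEAD,POST" />
  <add path="*.stm" modules="ServerSideIncludeModule" verb="GET,POST" />
  <add path="*.exe" modules="CGIModule" verb="GET,POST" />
</handlers>
"""

# Constructed sample: an application web.config that changes only what it
# does not want to inherit.
WEB_CONFIG = """
<handlers>
  <remove path="*.exe" />
  <add path="*.aspx" modules="aspnet" verb="GET,POST" />
</handlers>
"""


def apply_collection(inherited, xml_text):
    """Apply <add>/<remove>/<clear> directives, in document order, on top of
    the inherited collection. Entries are keyed on 'path' (an assumption)."""
    effective = dict(inherited)  # never mutate the parent level
    for el in ET.fromstring(xml_text):
        if el.tag == "clear":
            effective.clear()
        elif el.tag == "remove":
            effective.pop(el.attrib["path"], None)
        elif el.tag == "add":
            key = el.attrib["path"]
            if key in effective:
                raise ValueError(f"duplicate entry for {key!r}")
            effective[key] = dict(el.attrib)
        else:
            raise ValueError(f"unexpected element <{el.tag}>")
    return effective


def effective_handlers(*levels):
    """Merge config levels from the server root down to the application."""
    merged = {}
    for xml_text in levels:
        merged = apply_collection(merged, xml_text)
    return merged


if __name__ == "__main__":
    for path, attrs in effective_handlers(APPLICATION_HOST, WEB_CONFIG).items():
        print(f"{path:8} -> {attrs['modules']:24} verbs={attrs['verb']}")
```

Reviewing the merged result rather than each file on its own shows which handlers a delegated web.config has dropped or introduced relative to the server defaults.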
Configuration & IIS 7.0
[Diagram: Windows Vista & IIS 7 configuration hierarchy]
ApplicationHost.config: Windows Administrators Only
Website 1 Root web.config, Website 2 Root web.config: Site Administrators
Application 1 Root web.config, Application 2 Root web.config: App Admins
Delegating Control &
Distributed Config
Configuration & IIS 7.0
Delegation of config settings to Developers
XCopy deployment of configuration along with content
Single configuration API for the entire Web Platform
Clean, well schematized configuration files
Rich extensibility
Managing your IIS 7.0 Systems
Brand new User Interface – IIS Manager
Completely re-built WMI Provider
Next generation Command-line administration using AppCmd.exe
Fully compatible system with IIS 6.0 ADSI & WMI
System Management & IIS 7.0: User Interface
Wizards that fully-complete common tasks
Fully delegable support to Windows/Non-Windows accounts
Enhanced support for common ASP.NET configuration
Wizard-based support for IIS Troubleshooting features
System Management & IIS 7.0: WMI Provider
Re-built WMI provider offering full support for new configuration
Fully extensible to allow support for your custom code
Set oService = GetObject("winmgmts:root\WebAdministration")
' Create binding for site
Set oBinding = oService.Get("BindingElement").SpawnInstance_
oBinding.BindingInformation = "*:80:www.site.com"
oBinding.Protocol = "http"
' Create site
oService.Get("Site").Create _
    "NewSite", array(oBinding), "C:\inetpub\wwwroot"
' Create application
oService.Get("Application").Create _
    "/foo", "NewSite", "C:\inetpub\wwwroot\foo"
System Management & IIS 7.0: AppCmd.exe
AppCmd.exe offers quick access to new IIS 7
configuration
C:\>appcmd list sites
SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)
SITE "Site1" (id:2,bindings:http/*:81:,state:Started)
SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)

C:\>appcmd list requests
REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost)
Quick, efficient access to new IIS 7
configuration
Mirrors *.vbs files from IIS 6.0
Built-in “pipe” support
System Management & IIS 7.0: Compatibility
WMIv2 & ADSI Support
Existing Scripts will “just work”
Installing Metabase support is easy
Low-level interface to “re-route” Admin Base Object (ABO) calls to new configuration
Relies on the Inetinfo.exe service being present and loaded
Extending the User Interface to
Support Custom Code
System Management & IIS 7.0
Delegated management of sites and applications using IIS Manager
Remote management over HTTP/S
Support for Windows and non-Windows credentials
AppCmd.exe offers direct, command-line access to brand-new configuration
Complete extensibility across IIS Manager, WMI
Full backwards compatibility with Metabase support
Troubleshooting in IIS 7.0
Real-time state information available to Administrators & Developers
Powerful Failed Request Tracing
Extensive Custom Errors
Troubleshooting & Diagnostics in IIS 7.0: RSCA
New, in-process state information available
Current processes running
Application Pools Process Id (PID)
Currently executing requests
AppDomains loaded
Real-time starting & stopping of sites
Troubleshooting & Diagnostics in IIS 7.0: FREB
Coolest feature of ‘em all…
Failed Request Tracing traces all requests through IIS pipeline
Automatically enabled on IIS 7
Easily identifies requests that are stuck, or failing
Identifies time taken in each module, helping analyze long running requests
Begin Request
Read Metadata
Authenticate
Authorize
Cached
ISAPI Filter
Determine Handler
Troubleshooting & Diagnostics in IIS 7.0: Custom Errors
Re-built Custom Errors
Language specific (Accept-Encoding)
Experience different for external clients than “Localhost”
Detailed information
Time
URL
Current Module
Response Status, Sub-Status
More Information (i.e. Steps to fix problem)
Locating Failures Using FREB
Troubleshooting & Diagnostics in IIS 7.0
Real-time server state information
Control APIs for managing state
Detailed event trace events across web platform stack
Automatic event trace logging on error conditions
Extensibility for adding traces to application code
Putting it all Together…Summary
IIS 7.0: Diagnostic, System Management, Config, Extensible, Scalable, Reliability
Security
Very strong customized web servers
Lightweight processes for minimum footprint
Strong Request Filtering built in: URLScan into product
Extensibility
Maximum extensibility: Native & Managed Code support
Platform extensibility in Core Server, WMI, User Interface, and Diagnostics
Management
• IIS Manager rebuilt from ground up
• Built in delegation support
• Support Windows & non-Windows accounts
• Remote admin support
• Fully extensible
IIS 7 Configuration
Metabase…GONE!
Strongly Schematized Configuration
Distributed Delegation
IIS Manager or Script directly to push new configuration
Full support for previous versions usage of ABO
Diagnostics
Real-time state information exposed via script & managed code
View currently executing requests
Failed Request Tracing: Zero-repro diagnostics
IIS’s new home for the community…
Resources
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups
http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
Technical Community Sites
http://www.microsoft.com/communities/default.mspx
User Groups
http://www.microsoft.com/communities/usergroups/default.mspx
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.