Transcript Slide 1
Managing PHP and PHP
Applications on Windows
Drew Robbins
Developer Evangelist
Microsoft Corporation
Today’s Agenda…
IIS 6.0 and IIS 7.0 Pillars
Configuring PHP Applications
Securing PHP on Windows
Extending PHP Applications
Managing your IIS 7.0 Systems
Troubleshooting & Diagnostics
Summary
IIS 6.0 Pillars
Security
Reliability
Secure by default
Secure by design
Secure in deployment
Fault tolerant architecture
Health monitoring
Intelligent queuing
Scalability
Scale-up/scale-out
Kernel-mode caching
Integrated application platform
System
Management
XML-based configuration
Command line administration
Remote administration
To the Next Level, IIS 7.0 Pillars
Security
IIS 7.0
Extensibility
Config
Scalability
Customized, Componentized Web Server
Reduced management of Patches
URLScan built-in Functionality
Brand new Win32 API
Integrated support for iHttpModules (ASP.NET)
Distributed, delegatable configuration
Rich Extensibility
Integrated Configuration for Web Platform
System
Management
Innovative, Brand-new IIS Manager
AppCmd.exe: Command line administration
Http & Https Remote administration
Diagnostics
Brand-new State API
Easy-to-setup & Use Failed Request Tracing
IIS & ASP.NET Integrated Diagnostics
Reliable
Secure
Configuration & IIS 7.0
Metabase is gone
Central File: ApplicationHost.config
Strongly typed Schema
Uses ASP.NET semantics for .config files
Full Distributed Configuration
Use only ApplicationHost.config using IIS 7 defaults
Unlock: Give application developers control of
individual sections, collections, elements, and more!
New scripting and command line tools for
configuration.
Demonstration One
Configuring PHP
Security & IIS 7.0
Slim & Efficient
Install only the components you need
Reduce attack surface to minimum
Five times more granular than existing IIS
versions
Servicing and patching on a per component
basis
If you don’t install it, you won’t need to patch it
Demonstration Two
Securing PHP on Windows
Extensibility & IIS 7.0
Core Server
Brand new Win32 Native Interface
ALL IIS modules written using this interface
Unlike ISAPI, IIS team uses this very API just like you will
Full ASP.NET 2.0 Support
iHttpModule Interface available TODAY supported
ASP.NET 2.0 Handlers run exactly as they do today
Configuration
Fully extensible using XML schema files
IIS Manager (User Interface)
Using .NET 2.0, extend IIS Manager capabilities
Diagnostics
Add your events directly into our pipeline
Today’s “Request Pipeline”
w3wp.exe
aspnet_isapi.dll
handlers
cgi
static
file
Isapi
exts
IHttpModule Events
url map
determine handler
begin req
logging
auth’c req
custom errors
auth’z req
compression
resolve cache
end req
authentication
handler map
update req cache
handler exec
rel req state
ISAPI Filter Notifications
w3svc
url map
auth’c req
log
IHttpHandlers
Pre-proc headers End net session
http.sys
Trace.axd
PageHandler
The New Merged IIS7 Pipeline
Native Handler
static file
IHttpHandler
isapi ext
Native Module
*.aspx
end
trace.axd
IHttpModule
log
update cache
native modules
release state
managed modules
execute handler
pre-execute handler
was
basic auth
acquire state
digest auth
map handler
resolve cache
windows auth
authorize
authenticate
begin
http.sys
url auth’z
role mgr
forms auth
Demonstration Three
Extending PHP
System Management & IIS 7.0: User Interface
Wizards that
fully-complete
common tasks
Fully delegable
support to
Windows/NonWindows
accounts
Enhanced
support for
common
ASP.NET
configuration
Wizard-based
support for IIS
Troubleshooting
features
System Management & IIS 7.0: WMI Provider
Re-built WMI
provider
offering full
support for
new
configuration
Fully
extensible to
allow support
for your
custom code
Set oService =
GetObject("winmgmts:root\WebAdministration")
' Create binding for site
Set oBinding =
oService.Get("BindingElement").SpawnInstance_
oBinding.BindingInformation = "*:80:www.site.com"
oBinding.Protocol = "http"
' Create site
oService.Get("Site").Create _
"NewSite", array(oBinding), "C:\inetpub\wwwroot"
' Create application
oService.Get("Application").Create _
"/foo", "NewSite", "C:\inetpub\wwwroot\foo"
System Management & IIS 7.0: AppCmd.exe
AppCmd.exe offers quick access to new
IIS 7 configuration
C:\>
requests
C:\>appcmd
appcmdlist
list
sites
REQUEST
"fb0000008000000e"
(url:GET
SITE "Default
Web Site" (id:1,bindings:HTTP/*:80:,state:Started)
/wait.aspx?time=10000,time:4276
msec,client:localhost)
SITE "Site1" (id:2,bindings:http/*:81:,state:Started)
SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)
Quick, efficient access to new IIS 7
configuration
Mirrors *.vbs files from IIS 6.0
Built-in “pipe” support
System Management & IIS 7.0: Compatibility
WMIv2 & ADSI
Support
Existing Scripts will
“just work”
Installing Metabase
support is easy
Low-level interface
to “re-route” Admin
Base Object (ABO)
calls to new
configuration
Relies on
Inetinfo.exe service
be presented and
loaded
Demonstration Four
Managing IIS 7.0
Troubleshooting & Diagnostics in IIS 7.0: RSCA
New, in-process state information available
Current processes running
Application Pools Process Id (PID)
Currently executing requests
AppDomains loaded
Real-time starting & stopping of sites
Troubleshooting & Diagnostics in IIS 7.0: FREB
Coolest feature of
‘em all…
Failed Request
Tracing traces all
requests through IIS
pipeline
Automatically
enabled on IIS 7
Easily identifies
requests that are
stuck, or failing
Identifies time taken
in each module,
helping analyzing
long running
requests
Begin Request
Read Metadata
Authenticate
Authorize
Cached
ISAPI Filter
Determine Handler
Demonstration Five
Failed Request Event Buffer
Putting it all Together…Summary
IIS 7.0
Diagnostic
System
Management
Config
Extensible
Scalable
Reliability
Security
Extensibility
Management
IIS 7 Configuration
Security:
Diagnostics
• IIS
Manager
rebuilt
from
Real-time
Very
Metabase…GONE!
strong
state
customized
Maximum
extensibility
ground
up Schematized
information
web
servers
exposed via
Strongly
Native
& Managed
script
&
managed
code
• Built
in
delegation
support
Lightweight
Configuration
processes
Code support
View
for
minimum
currently
footprint
• Support
Windows
& nonDistributed
&executing
Platform
extensibility
requests
in
IIS Manager
Windows
accounts
Delegation
Strong
Request
built in
Core
Server,
WMI, User
or
Script
Filtering
directly
into
to
push
new
• Remote
admin
support
Interface,
andTracing:
Failed
URLScan
configuration
Request
into
product
• Fully
extensible
Diagnostics
Zero-repro
diagnostics
Full support
for
previous versions usage
of ABO
IIS’s new home for the
community…
Resources
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups
http://communities2.microsoft.com/
communities/newsgroups/en-us/default.aspx
Technical Community Sites
http://www.microsoft.com/communities/default.mspx
User Groups
http://www.microsoft.com/communities/usergroups/default.mspx
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not
be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.