IIS (WWW) IIS6 Web Services

Overview
Application Platform Features
Reliability Features
Manageability Features
Performance and Scalability Features
Security Features
Application Platform Features
Web Applications
The Application Server Role
Installing and Configuring the Application Server
Role
Configuring and Managing Your Server
Adding and Removing Components
Web Applications
A Web application is a collection of content accessed through hypertext protocols:
Static content Web site
CGI scripts
ASP pages
ActiveX®/COM components
ASP.NET pages
.NET Web Services
Components of multi-tier applications
The Application Server Role
Combines specific interdependent functionality termed Web Application Server:
Microsoft Internet Information Services (IIS) 6.0
Active Server Pages (ASP)
ASP .NET
Component Object Model (COM+)
Microsoft Data Engine (MSDE)
Microsoft Message Queuing (MSMQ)
The Application Server Role
The Application Server Role, which includes IIS 6.0 and other components, is not installed by default in Windows Server 2003
Two interfaces:
Configure Your Server/Manage Your Server Wizards
Add/Remove Programs, Add/Remove Windows Components
Configure Your Server and Manage Your Server
Web Application Server role can be added through Configure Your Server or Manage Your Server
Base components are automatically selected
Additional components are installed based on choices made in wizard
After the role is added, it can be managed through Manage Your Server
Configure Your Server/Manage Your Server
Easy Web server setup
Configures only services required for application
Add/Remove Components
Allows for more granular component selection (and risk of incorrect component selection)
Reliability Features
Fault-tolerant Architecture
HTTP stack (HTTP.sys)
Application Pools
WWW Service
Worker Processes (W3WP.exe)
IIS 5.0 Isolation Mode
Health Monitoring
Process Recycling
Crash Detection and Rapid Fail Protection
Fault-tolerant Architecture: Issues
Web sites and applications may contain flawed code
Web server needs to be active manager of applications:
Be fault tolerant (not crash on application failure)
Monitor the health of Web sites and applications
Actively recycle/restart processes
Continue to queue requests
Reliability without sacrificing performance
IIS 5.0:
All requests run through single process (Inetinfo.exe)
Out-of-process applications (dllhost.exe) were slow
Application failures could crash server, other applications
Fault-tolerant Architecture: Solution
IIS 6.0 fault-tolerant process isolation architecture
Isolates applications from each other and Web server
Core components:
HTTP.sys: Kernel mode component for HTTP listening, routing, queuing, and caching
Application pools: Groups sites and applications for easy management of process isolation
WWW Service: Configuration and server management, process health monitoring
Worker processes (W3WP.exe): Isolate Web site and application processing
IIS 6.0 Fault-tolerant Architecture
[Diagram: User mode holds the WWW Service and the application pools, each served by a W3WP.exe worker process running a Web application. Kernel mode holds HTTP.sys, which receives the request and returns the response.]
HTTP Stack (HTTP.sys)
HTTP stack with queuing and caching functions
Runs in kernel mode
Supports IPv4 and IPv6
Does not load or run any Web site or application code
Cannot be affected by application errors and failures
Routes requests to IIS application pools based on URL mapping
Text-based and binary logging
HTTP Stack (HTTP.sys): Kernel-Mode Queuing
HTTP.sys queues incoming HTTP requests
Each queue supports a set of sites/applications
Queue size can be set by administrator
If an application fails:
HTTP.sys continues to accept and queue requests until the application is restarted or the server is shut down
Once the application restarts, the queue is processed until it is empty
Shields the client application from application errors
Increases site and application availability
Application Pools
Defines a set of Web applications managed together
Separated by process boundaries
Served by one or more worker processes
Requests routed directly to pool by HTTP.sys
Not affected by sites and applications in other pools
Application cannot be routed to another pool while being serviced by the current pool
Applications can be assigned to different pools while the server is running
Application Pools: Configuration
Easy to create and manage
Can configure up to 20,000 application pools per server
WWW Service
Roles
Configures HTTP.sys
Manages worker processes
Application code runs in separate worker processes
No application code runs in WWW Service
Requests do not route through WWW Service
Ensures Web server reliability
Application errors cannot crash Web server
WWW Service: Configuration
At IIS 6.0 startup
Reads metabase and initializes HTTP.sys routing table
Creates one entry for each URL to app pool mapping
Determines routing from request to worker process
As application pools and applications are added
Configures HTTP.sys to accept new URL requests
Sets up the request queues for new application pools
Indicates where the new URLs should be routed
WWW Service: Process Management
During IIS 6.0 operation WWW Service monitors processes
Determines when to start a worker process
… when to start additional worker processes
… when a worker process has failed or blocked
… when to recycle or restart a worker process
Requests continue to be queued and updated while an application is being recycled
Process recycling is invisible to client application
Worker Processes
Responsible for handling Web requests for a set of sites and applications
Each application pool is served by one or more worker processes
Each worker process is self-contained
Receives requests directly from HTTP.sys
Contains Web request processing functionality
Loads ISAPIs: filters and extensions (ASP, ASP .NET, Microsoft FrontPage® Server Extensions)
Delivers complete isolation from system components and other Web applications
Worker Processes: Configuration
Worker process can be started as:
Network Service (default)
Local System
Local Service
Configured ID
IIS 6.0 Fault-tolerant Architecture
[Diagram: INETINFO holds the metabase; the WWW Service contains the Process Manager and Config Manager. Application Pool 1 and Application Pool 2 (a Web Garden) each run W3WP.exe worker processes that load ISAPI filters, ISAPI extensions (ASP, etc.) and the ASP.NET ISAPI with its CLR application domains. HTTP.sys sits in kernel mode beneath them.]
Fault-tolerant Architecture: Benefits
Dramatically increased reliability
No server reboots
Self healing on application failure
Increased scalability
Simplified server administration
IIS 5.0 Isolation Mode
Some applications may not work in IIS 6.0 worker process isolation environment:
Multiple-instance
Session state persisted in-process
Applications written as read raw data filters
IIS 6.0 can switch to IIS 5.0 isolation mode
Everything in user mode operates as in IIS 5.0
IIS 5.0 methods of application isolation (low, medium [pooled], high)
Inetinfo.exe still master process
HTTP.sys performance benefits:
Kernel-mode request queuing
Kernel-mode caching
Process Health Monitoring
Detects and recovers from thread deadlock
How does it work?
Configurable time limit
WWW Service pings each worker process
If (no response in time limit)
Default:
Kill process
Publish event
Start new process
Or:
Take a configured action => “Orphaning”
Other application pools keep running
[Diagram: the WWW Service in user mode pings the W3WP.exe worker process hosting the Web application; HTTP.sys sits in kernel mode.]
Process Health Monitoring: Debug Action
Allows for custom action to be executed when process fails to respond, for example:
Send e-mail to administrator
Attach debugger
Process dump
Process left running, though WWW Service dropped its process handle
Crash Detection and Rapid Fail Protection
WWW Service detects process crash
On failure:
Publish event to event log
Check “crash count”
If (crash count > max crashes in time limit): disable application pool
Else: start new process on demand
Rapid Fail Protection
Only allow x crashes in y minutes
Return 503 errors when invoked
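The crash-count policy above as a small model, added here as an example (not IIS code and not from the original deck): a rolling window of crash timestamps per application pool. The class and method names are assumed; the defaults of 5 crashes in 5 minutes are IIS 6.0's.

```python
from collections import deque


class RapidFailProtection:
    """Rolling-window crash counter for one application pool, modelling the
    WWW Service policy on the slide: more than `max_crashes` crashes within
    `interval` seconds disables the pool, after which HTTP.sys answers 503.
    Illustrative model, not IIS code. IIS 6.0 defaults: 5 crashes in 5 minutes.
    """

    def __init__(self, max_crashes=5, interval=300):
        self.max_crashes = max_crashes
        self.interval = interval            # seconds ("y minutes" on the slide)
        self.crashes = deque()              # timestamps of crashes still in window
        self.disabled = False
        self.events = []                    # what the WWW Service would publish

    def record_crash(self, now):
        """WWW Service callback when a W3WP.exe for this pool exits unexpectedly.
        Returns the action taken: 'restart', 'disable' or 'disabled' (already off)."""
        if self.disabled:
            return "disabled"
        self.events.append(f"{now}: worker process crashed")
        self.crashes.append(now)
        # forget crashes older than the window before checking the count
        while self.crashes and now - self.crashes[0] > self.interval:
            self.crashes.popleft()
        if len(self.crashes) > self.max_crashes:
            self.disabled = True
            self.events.append(f"{now}: rapid fail protection disabled the pool")
            return "disable"
        return "restart"    # demand-start a new worker process on the next request

    def handle_request(self):
        """Status a client sees for a request HTTP.sys routes to this pool."""
        return 503 if self.disabled else 200


if __name__ == "__main__":
    pool = RapidFailProtection(max_crashes=2, interval=60)
    for t in (0, 10, 20):
        print(t, pool.record_crash(t), pool.handle_request())
```

A burst of 503s from one pool with a matching crash event in the event log is the signature of this protection firing; crashes spread wider than the window never trip it.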
Manageability Features
Configuration Metabase
XML Metabase Advantages
Change Configuration While Running
Metabase Save Options
Metabase Import/Export
Server Configuration Backup/Restore
Improved Patch Management
IIS WMI Provider
Command Line/Script Administration
Web-based Administration Console
Logging
Configuration Metabase: Before IIS 6.0
Hierarchical store of IIS configuration information
Enables:
Inheritance
Data typing
Change notification
Security
IIS 4.0/IIS 5.0 storage is a proprietary binary file, Metabase.bin
Not easy to read or edit
[Diagram: the Admin UI and the Active Directory Service Interface (ADSI) go through the Admin Base Object to read and write metabase.bin.]
Configuration Metabase: IIS 6.0 XML Metabase
Metabase now stored in XML
Plain text file
Change configuration while server is running
Automatic backup with version control
Application configuration exportable and importable from file
[Diagram: Import/Export, the UI, WMI and ADSI all go through the Admin Base Objects to Metabase.xml and MBSchema.xml.]
XML Metabase Advantages
Easier to:
Diagnose metabase corruption
Extend existing metabase schema through XML
Read/edit current metabase configuration directly
Completely compatible with existing APIs and ADSI
Existing binary metabases upgrade to XML cleanly
Better performance/scalability
“Faster” read times than IIS 5.0 binary metabase
Equivalent write performance to IIS 5.0 binary metabase
Change Configuration While Running
Metabase can be modified while IIS 6.0 is running
To enable, select “Enable Direct Metabase Edit”
Does not require server restart
Can use any text editor: Notepad, .NET, PERL, etc.
Metabase Save Options
Frequency
Save event scheduled 60 seconds after last change
At save event, if the number of writes since the first change exceeds 30, the save event is deferred 60 seconds
If deferring continues, metabase save occurs 5 minutes from first change
What happens
Data saved to metabase.xml
WWW Service URL to application pool tables updated
Metabase Import/Export
Export/import metabase config to/from XML
Options include
Export/Import inherited properties
Export/Import node only (or entire subtree)
Password encrypt exported file
Server Independent
Backup/Restore
New capabilities in IIS 6.0:
Backup with password
Automatic backups
UTF-8 Logging Support
IIS 6.0 now supports writing log files in UTF-8 instead of ASCII or local codepage
Configurable at the WWW service level
Binary Logging
Allows for more than 10,000 sites to write to a single log file in a binary, non-formatted manner
Improved performance because data does not need to be formatted
Provides several scalability benefits
Reduction in the number of log file buffers needed
Post-process log file to extract the log entries
Allows for the use of custom tools to process binary log files
Format of the log entries and file published
Logging of HTTP Substatus Codes
IIS returns substatus codes for specific types of problems
Request cannot be served because required application has not been unlocked (for example, ASP by default on clean installations)
The client receives 404 error
IIS actually generates a 404.2 error
Errors now logged to W3C and binary log files
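The 404.2 case above seen from the log side, as an added example (not from the original deck): a small parser for the W3C Extended log format that keys on the #Fields directive, then reports status.substatus counts and the requests refused by the extension lockdown. The log lines are constructed sample data; the field list is the IIS 6.0 default.

```python
from collections import Counter

# Constructed IIS 6.0 W3C Extended log excerpt (sample data, not from the original page).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-03-01 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2004-03-01 10:00:01 10.0.0.5 GET /index.htm - 80 - 10.0.0.9 Mozilla/4.0 200 0 0
2004-03-01 10:00:02 10.0.0.5 GET /default.asp - 80 - 10.0.0.9 Mozilla/4.0 404 2 0
2004-03-01 10:00:03 10.0.0.5 GET /missing.htm - 80 - 10.0.0.9 Mozilla/4.0 404 0 0
2004-03-01 10:00:04 10.0.0.5 POST /app/upload.aspx - 80 - 10.0.0.9 Mozilla/4.0 404 2 0
"""


def parse_w3c_log(text):
    """Return one dict per request line, keyed by the names in the #Fields
    directive (the field list can change mid-file, so it is re-read each time)."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip() or fields is None:
            continue
        else:
            rows.append(dict(zip(fields, line.split())))
    return rows


def status_summary(rows):
    """Count responses by 'status.substatus', e.g. {'404.2': 2, ...}."""
    return Counter(f"{r['sc-status']}.{r['sc-substatus']}" for r in rows)


def locked_down_requests(rows):
    """Requests the client saw as a plain 404 but IIS logged as 404.2: the
    handler (ASP, ASP.NET, CGI, ...) for that extension is still locked."""
    return [(r["c-ip"], r["cs-method"], r["cs-uri-stem"]) for r in rows
            if r["sc-status"] == "404" and r["sc-substatus"] == "2"]


if __name__ == "__main__":
    rows = parse_w3c_log(SAMPLE_LOG)
    print(status_summary(rows))
    for hit in locked_down_requests(rows):
        print("locked-down handler requested:", hit)
```

A rising 404.2 count on a locked-down server means either an extension you meant to enable is still off, or clients are asking for dynamic handlers the server does not serve; the substatus tells the two 404 causes apart where the client's view cannot.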
Performance and Scalability Features
Kernel-mode Caching
Resource Accounting and Quality of Service (QoS)
Site Scalability
Idle Timeout and Demand Start
ASP.NET and IIS 6.0 Integration
Kernel-mode Caching
Cached responses served straight from HTTP.sys
Can double speed
No user-mode transition
Applications will not see requests if served from cache
Static and dynamic content
Smart caching
[Diagram: a request enters through the network stack and the HTTP.sys cache in kernel mode; only a cache miss crosses into user mode to W3WP.EXE (IIS 6.0), ASP.NET/CLR and the user application, and the response returns through HTTP.sys.]
Web Gardens and Processor Affinity
Web Gardens
Application pool with multiple worker processes
Connection-based routing within garden
Processor Affinitization
Bind processes to one or more CPUs
Mask-based configuration
[Diagram: the WWW Service manages a Web Garden application pool whose worker processes load an ISAPI extension and an ISAPI filter; HTTP.sys routes requests to them.]
Resource Accounting and Quality of Service (QoS)
Ensures that components or content do not monopolize server resources
Allows administrator to control resources used by sites, application pools, WWW service, and so on
Ensures quality of service that other services/sites/applications on the system receive by limiting the resources consumed by particular Web sites/applications, and/or the WWW service itself
QoS features:
Connection limits
Connection timeouts
Application pool queue length limits
Bandwidth throttling
Process accounting
Memory-based recycling
Site Scalability
Targeting many thousands of sites per machine
Current suggested maximum is 20,000 sites
Re-architected startup/shutdown routines for lazy site initialization
Centralized, binary logging
Option to have one central log file per computer rather than tens of thousands when doing dense hosting
Other Platform Improvements
64-bit support
Code base compiled for 32-bit and 64-bit platforms
Internet Protocol version 6 (IPv6) Support
Production-ready IPv6 stack
If IPv6 protocol stack is installed, IIS 6.0 will automatically handle HTTP requests that arrive over IPv6
Granular Compression
On congested network, useful to compress responses
In IIS 5.0, compression was an ISAPI filter and could only be enabled for the whole server
IIS 6.0 allows file level compression
Security Features
Locked down by default
Multiple levels of security
Unlocking Functionality
Application Isolation
Network Service Account
SSL v3 Improvements
Configurable Worker Process ID
Passport Authentication
Windows Server 2003 Authorization Framework
Constrained Delegated Authentication
FTP Security Features
Locked Down By Default
IIS is not installed by default on install or upgrade
Except on Windows Server 2003, Web Edition
When initially installed, only requests for static content allowed by default
For example: HTML, text, .jpg, .bmp
No ASP, ASP.NET, CGI, or other dynamic content is allowed (unless ASP or ASP.NET has been installed)
Aggressive, secure default timeouts
Additional content types must be specifically enabled
Group Policy can be used to prevent IIS installs on workstations or inappropriate servers
Multiple Levels of Security
IIS only serves recognized file extensions
Unrecognized extensions are refused
File verification
Server verifies that content exists before giving request to request handler (ISAPI extension)
Buffer overflow protection
Worker process detects and exits program if buffer overflow detected
Command-line tools inaccessible to Web users
Upload data limitations defined by administrators
Multiple Levels of Security
Write-protected content
Anonymous users cannot modify content
Access Control List (ACL) settings
Command line files
Content
Logfiles
Custom error directory
On cache directories
No executable virtual directories (/SCRIPTS and /MSADC)
Unlocking Functionality
In default install, administrator must manually enable:
ISAPI
CGI
ASP
ASP.NET
FPSE
WebDAV
Server Side Includes
Enable using command-line, script, or GUI
Application Isolation
One IIS 6.0 server can securely host many Web sites and applications
Application pools provide unit of isolation
Isolation is achieved through:
Configurable worker process identity
Bandwidth and CPU throttling
Memory-based recycling
Configurable Worker Process Identity
Each worker process can be run as:
Network Service
Local System
Local Service
Configured ID
IIS_WPG
New user group
IIS resource ACLs configured for this group
Network Service Account
New built-in account
Very few privileges:
Adjust memory quotas for a process
Generate security audits
Log on as a service
Replace a process level token
Impersonate a client after authentication
Allow log on locally
Access this computer from the network
Provides additional security because worker processes have few rights
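The identity choice from the two slides above turned into a configuration check, added here as an example (not from the original deck and not Microsoft's code): it reads a constructed Metabase.xml fragment and reports each application pool's identity, flagging pools that run as Local System or have health protection switched off. The property names AppPoolIdentityType, WAMUserName, RapidFailProtection and PingingEnabled are assumed from the IIS 6.0 metabase reference; inheritance of defaults from the parent node is not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed Metabase.xml fragment (sample data, not from the original deck).
SAMPLE_METABASE = """<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsApplicationPools Location="/LM/W3SVC/AppPools" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool"
    AppPoolIdentityType="2" RapidFailProtection="TRUE" PingingEnabled="TRUE" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/LegacyPool"
    AppPoolIdentityType="0" RapidFailProtection="FALSE" PingingEnabled="FALSE" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/IntranetPool"
    AppPoolIdentityType="3" WAMUserName="CORP\\svc_web" />
</MBProperty>
</configuration>
"""

# AppPoolIdentityType values (assumed from the IIS 6.0 metabase reference):
# 0 Local System, 1 Local Service, 2 Network Service (default), 3 configured ID
IDENTITY = {"0": "LocalSystem", "1": "LocalService", "2": "NetworkService", "3": "SpecificUser"}


def audit_app_pools(xml_text):
    """Return (pool name, identity, [issues]) for every IIsApplicationPool node.
    Simplification: a property that is absent is read as the IIS 6.0 default
    (Network Service, protection on); the real metabase would inherit it."""
    root = ET.fromstring(xml_text)
    findings = []
    for node in root.iter():
        if node.tag.rsplit("}", 1)[-1] != "IIsApplicationPool":   # strip xmlns
            continue
        attrs = node.attrib
        pool = attrs.get("Location", "?").rsplit("/", 1)[-1]
        id_type = attrs.get("AppPoolIdentityType", "2")
        identity = IDENTITY.get(id_type, "unknown")
        if id_type == "3":
            identity += f" ({attrs.get('WAMUserName', '?')})"
        issues = []
        if id_type == "0":
            issues.append("runs as LocalSystem; the worker process has full rights")
        if attrs.get("RapidFailProtection", "TRUE").upper() != "TRUE":
            issues.append("rapid fail protection off")
        if attrs.get("PingingEnabled", "TRUE").upper() != "TRUE":
            issues.append("health pinging off")
        findings.append((pool, identity, issues))
    return findings


if __name__ == "__main__":
    for pool, identity, issues in audit_app_pools(SAMPLE_METABASE):
        print(f"{pool}: {identity}; " + ("; ".join(issues) or "ok"))
```

The same walk can be pointed at the automatic metabase backups to see when a pool's identity was changed.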
SSL Improvements
Performance
Faster and more scalable than IIS 5.0
Remotable Certification Object
In IIS 5.0, could not remotely manage SSL certificates because CSP is not remotable
CertObject allows remote certificate management
Selectable Crypto-Service Provider
Enables easy selection of third-party Crypto application programming interface (CAPI) providers
Hardware SSL accelerators
SSL Improvements
SSL StreamFilter is hosted in LSASS.exe process (can give up to 25% throughput gains in SSL loads)
Aggressive SSL thread pool
Significant performance work on multiprocessor machines
Increases up to 2X for some workloads on 8P computers
Microsoft Passport Authentication
Integrated with Windows Server 2003
Can assign permissions to resources with Passport accounts
Map Passport credentials to Microsoft Active Directory® accounts
Windows Server 2003 Authorization Framework
IIS 5.0 authorization model is resource-ACL based
Object-oriented permissions
Web applications are operation/task-driven, not object-driven
Application had to provide operation/task access control
IIS 6.0 extends the Windows Server 2003
authorization framework
URL-specific authorization
Authorization Manager
Application-specific access
FTP Security Features
IIS 6.0 isolates users into their own directories
Locks user’s FTP session to a directory under FTP root
Authenticates using local or domain account
Using Active Directory account
Using local account
Anonymous access with user isolation
FTP Security Features
Isolation levels:
Compatibility/no isolation
Small business/stand-alone isolation
Enterprise isolation using Active Directory integration