Transcript TNT1-84 Managing Internet Information Services 6.0
Managing Internet Information Services 6.0
Microsoft Corporation
What we will cover:
New IIS 6.0 architecture
IIS 6.0 processing components
Managing Web Sites
Managing FTP Sites
FTP User isolation modes
XML Metabase structure
Managing the XML Metabase
Prerequisite Knowledge
Experience administering IIS 4.0 or 5.0
Experience supporting Web sites and Web applications
Familiarity with the Windows 2000/2003 user interface
Level 200
Agenda
IIS 6.0 Architecture
Managing Web Sites
Managing FTP Sites
Managing the XML Metabase
IIS 6.0 Architecture
IIS 6.0 Internals
Inetinfo.exe
Hosts Only Metabase + FTP/SMTP/NNTP
HTTP.SYS
Kernel-mode HTTP Listener/Responder
Replaces use of Winsock for IIS
W3SVC
Manages worker processes
Worker Processes
Process Web requests
IIS 6.0 Architecture
HTTP.SYS
Kernel-mode device driver
Receives HTTP requests
Routes requests to worker processes
Sends HTTP Responses
Does not process the requests!
Performs other services
IIS 6.0 Architecture
Worker Processes
User-mode applications
Process named W3WP.EXE
Role is to process requests
Return static pages
Invoke ISAPI extensions
Run CGI handlers
Run application code
Uses HTTP.SYS for Send/Receive
Managed by the W3SVC
IIS 6.0 Architecture
Web Administration Service (W3SVC)
Manages worker processes
At initialization time:
Constructs HTTP.SYS namespace routing table
Starts worker processes
When first request is received by HTTP.SYS
Manages worker processes
Monitors worker process health
Starts/stops, recycles etc.
Does not process requests
IIS 6.0 Architecture
Architecture Graphic
[Diagram: in user mode, INETINFO.exe (metabase; FTP, SMTP, NNTP), W3SVC (Configuration Manager, Application Pool Manager; administration and monitoring) and several application pools, each served by W3WP.exe hosting a single app or multiple apps with their ISAPI extensions and ISAPI filters; in kernel mode, HTTP.SYS (listener, response cache, sender).]
IIS 6.0 Architecture
Application Protection Architecture
No more application protection modes
In-process, out-of-process, pooled
Application pools are used to isolate apps
IIS 6.0 supports multiple application pools
Worker processes are assigned to application pools
Default is one worker process per pool
You may configure more
IIS 6.0 Architecture
Evolution of Application Protection
Version | Mode | Performance | Issues
IIS 4.0 | In Process | Fast | Dangerous. An application crash will take down the Web server service.
IIS 4.0 | Out-of Process | Slow | Web service is protected, but this model doesn't scale well. Running too many sites out-of-process slows the server.
IIS 5.0 | In Process | Fast | Dangerous. An application crash will take down the Web server service.
IIS 5.0 | Out-of Process | Faster than IIS 4.0, but still too slow | Web service is protected. Model scales better than in IIS 4.0, but performance and scalability still aren't the best.
IIS 5.0 | Pooled Out-of Process | Fast | Best scalability-isolation tradeoff. But there is only one pool on a server, all pooled applications must use the same pool.
IIS 6.0 Architecture
Application Pool Flexibility
Create as many pools as you like
Configure pools however you wish
To isolate a site or application
Run an app in a pool by itself
To create application pools
Assign multiple apps to a pool
IIS 6.0 Architecture
Application Pool Recycling
Recycle after:
X minutes active
After X requests
At specific times
Recycle after specified amount of memory used
Control memory leaks and heap corruption
IIS 6.0 Architecture
Health Monitoring
Enable pinging and set the interval
Enable RFP (rapid-fail protection) and set the threshold
Limit startup time
Limit shutdown time
IIS 6.0 Architecture
Application Pool Recommendations
Put critical sites/apps in their own pool
Pool non-critical, well-behaved sites and apps where feasible
Conserves server resources
Sites/apps from a single or customer
Create a “Timeout” application pool
Configure aggressive recycling settings
Put troublesome sites/apps into the Timeout pool
IIS 6.0 Architecture
IIS Isolation Modes
IIS 6.0 supports two process isolation modes
Worker Process Isolation Mode
Preferred Mode for IIS 6.0
IIS 5.0 Isolation Mode
Provides backward compatibility for Web applications
Very similar to IIS 5.0
Each request must traverse Inetinfo.exe
Does not have Application Pools or Recycling
IIS 6.0 Architecture
Isolation Modes Compared
IIS Function | IIS 5.0 | IIS 5.0 IM | WP IM
Manage IIS Metabase | Inetinfo.exe | Inetinfo.exe | Inetinfo.exe
HTTP.SYS configuration | N/A | W3SVC | W3SVC
Worker process management | N/A | N/A | W3SVC
Worker process | N/A | N/A | w3wp.exe
Running in-process ISAPI extensions | Inetinfo.exe | Inetinfo.exe | w3wp.exe
Running out-of-process ISAPI extensions | DLLHost.exe | DLLHost.exe | N/A
Running ISAPI filters | Inetinfo.exe | Inetinfo.exe | w3wp.exe
HTTP protocol support | Inetinfo via Winsock | HTTP.SYS | HTTP.SYS
FTP, NNTP, SMTP | Inetinfo.exe | Inetinfo.exe | Inetinfo.exe
IIS 6.0 Architecture
Isolation Mode Defaults
Defaults are different based on install
New Install: Worker Process
Upgrade from IIS 4.0 or 5.0: IIS 5.0 mode
Upgrade from IIS 6.0: Mode is preserved
Upgrade recommendations:
Set up a new computer running IIS 6.0 in worker process isolation mode
Test applications on new IIS 6.0 computer
Migrate applications to new server after testing is complete
IIS 6.0 Architecture
Security
More secure installation by default
IIS isn’t installed by default
IIS is locked down by default
Can only serve static pages unless configured
Web Service Extensions
Allow or disallow extensions and CGIs
Permissions enforcement
Same as IIS 5.0
Demonstration 1
IIS 6.0 Architecture
Configure Application Pools
View Recycling
View Web Service Extensions
Managing Web Sites
Web Publishing in IIS 6.0
Web publishing is very similar to IIS 5.0
Same tabs, and configuration options
Master properties pages have moved
Web Sites object
Biggest changes are:
Flexibility provided by application pools
Modular Installation
NAS support
FPSE 2002 support
Managing Web Sites
Modular Installation
Many familiar services and components are not installed by default in Windows Server 2003
IIS and FrontPage Server Extensions
Installing IIS
Configure Your Server Wizard
Add/Remove programs
Adding application support in IIS
Enable through Web Service Extensions
Managing Web Sites
NAS Configuration
Demonstration 2
Managing Web Sites
Creating Web Sites
Configuring Web Sites
Verifying Application Pool IDs
Managing FTP Sites
FTP Services in IIS 6.0
FTP is basically the same as in IIS 5.0
One big change – FTP isolation modes
Issue with previous FTP versions:
Users could navigate up the folder tree
Lockdown required granular permissions
FTP Isolation modes
Make user’s home folder appear as root
Prevents navigation up the directory tree
Makes permissions assignments much easier
Managing FTP Sites
No Isolation
No isolation
Configured at FTP site creation
Metabase: UserIsolationMode=“0”
Users can navigate to all folders
Can be secured with NTFS permissions
Uses
Shared download/upload sites
Non-secure Intranets
Managing FTP Sites
Isolate Users Mode
Isolated by login account name
Metabase: UserIsolationMode=“1”
User account matched to folder name
All folders are under single FTP root folder
Subfolders required based on account origin
Examples
D:\FTPRoot\localuser\joe for the local account “joe”
D:\FTPRoot\MyDom\amy is for the “Amy” account from the domain named “MyDom”
User’s folder becomes FTP Root
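The folder layout above, modelled as an added Python example (not part of the original session and not IIS code): it maps a login to its home folder and shows why client paths cannot climb above it. The function names home_folder and resolve are hypothetical.

```python
# Added illustration of the Isolate Users folder layout; not IIS code.
# home_folder() and resolve() are hypothetical names.

def _check(part):
    # Refuse components that could step outside the intended folder.
    if not part or part in (".", "..") or any(c in part for c in '\\/:'):
        raise ValueError(f"unsafe path component: {part!r}")
    return part

def home_folder(ftp_root, login):
    """Map a login to its home folder under the single FTP root.

    "joe" is a local account     -> <root>\\localuser\\joe
    "MyDom\\amy" is a domain one -> <root>\\MyDom\\amy
    """
    domain, sep, name = login.rpartition("\\")
    if not sep:
        domain = "localuser"
    return "\\".join([ftp_root.rstrip("\\"), _check(domain), _check(name)])

def resolve(ftp_root, login, client_path):
    """Translate a client-supplied FTP path; the home folder acts as '/'."""
    stack = []
    for part in client_path.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if stack:
                stack.pop()      # '..' at the virtual root stays at the root
            continue
        stack.append(_check(part))
    return "\\".join([home_folder(ftp_root, login)] + stack)

if __name__ == "__main__":
    root = r"D:\FTPRoot"
    print(home_folder(root, "joe"))
    print(home_folder(root, r"MyDom\amy"))
    print(resolve(root, "joe", "/../../MyDom/amy/report.txt"))
```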
Managing FTP Sites
Active Directory Isolation Mode
Users are directed to home folder listed on Active Directory user account
Metabase: UserIsolationMode=“2”
Uses Active Directory account information
Home directory on profile tab
UNC path must be accessible
User’s home directory becomes FTP Root
Additional steps are required
Set FTProot and FTPdir account properties
Useful in corporate intranets
Demonstration 3
Managing FTP Sites
FTP Site Properties
FTP User Isolation Mode
Managing the XML Metabase
Evolution of the IIS Metabase
Metabase contains IIS configuration
Issues with IIS 4.0 and 5.0 Metabase:
Proprietary format
Difficult to manage
IIS 6.0 metabase:
XML formatted plain text
Easy to read and edit with text editors
Metabase files:
MBSchema.xml and Metabase.xml
Managing the XML Metabase
XML Structure
Element: A logical unit of information
Surrounded by
Attributes
Name/value pairs
Provides more information about element
Attributes are IIS configuration parameters
Example: AnonymousUserName=“IUSR_SRV1”
An Attribute of
Managing the XML Metabase
Administering the Metabase
Edit with text editors and common tools
Easier to diagnose metabase corruption
Extend metabase schema with XML
Supports edit while running
Changes take effect immediately
Make bulk changes
ADSI and WMI scripting providers
You can use your old scripts
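Because the metabase is plain XML, common tools can audit it against the Application Pool Recommendations and the FTP User Isolation modes covered earlier. The following Python script is an added example, not from the session: it reports application pools shared by more than one Web site and FTP sites with UserIsolationMode 0. The XML is a constructed, heavily trimmed stand-in for Metabase.xml, and treating a missing UserIsolationMode as 0 is an assumption.

```python
# Added example: audit a metabase export for shared pools and open FTP sites.
# SAMPLE is constructed; a real Metabase.xml has many more attributes.
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE = """<configuration><MBProperty>
 <IIsWebServer Location="/LM/W3SVC/1" ServerComment="Intranet"/>
 <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" AppPoolId="DefaultAppPool"/>
 <IIsWebServer Location="/LM/W3SVC/2" ServerComment="Payroll"/>
 <IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT" AppPoolId="DefaultAppPool"/>
 <IIsWebServer Location="/LM/W3SVC/3" ServerComment="Legacy"/>
 <IIsWebVirtualDir Location="/LM/W3SVC/3/ROOT" AppPoolId="TimeoutPool"/>
 <IIsFtpServer Location="/LM/MSFTPSVC/1" ServerComment="Uploads" UserIsolationMode="0"/>
 <IIsFtpServer Location="/LM/MSFTPSVC/2" ServerComment="Partners" UserIsolationMode="1"/>
</MBProperty></configuration>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]   # tolerate an XML namespace on the tags

def audit(xml_text):
    """Return (pools shared by several sites, FTP sites without isolation)."""
    names, pools, ftp_open = {}, defaultdict(set), []
    for el in ET.fromstring(xml_text).iter():
        kind, loc = local(el.tag), el.get("Location", "")
        parts = loc.split("/")
        # Site id is the numeric key under /LM/W3SVC, e.g. "1" in /LM/W3SVC/1/ROOT
        site = parts[3] if len(parts) > 3 and parts[2] == "W3SVC" and parts[3].isdigit() else None
        if site and kind == "IIsWebServer":
            names[site] = el.get("ServerComment", loc)
        if site and el.get("AppPoolId"):
            pools[el.get("AppPoolId")].add(site)
        # Assumption: a site with no UserIsolationMode attribute counts as mode 0
        if kind == "IIsFtpServer" and el.get("UserIsolationMode", "0") == "0":
            ftp_open.append(el.get("ServerComment", loc))
    shared = {pool: sorted(names.get(s, s) for s in ids)
              for pool, ids in pools.items() if len(ids) > 1}
    return shared, sorted(ftp_open)

if __name__ == "__main__":
    shared, ftp_open = audit(SAMPLE)
    for pool, sites in shared.items():
        print(f"pool {pool} is shared by: {', '.join(sites)}")
    for site in ftp_open:
        print(f"FTP site {site} has no user isolation")
```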
Managing the XML Metabase
Metabase History
Automatic configuration rollback
If metabase is written to disk:
A copy written to the history folder
Each version is marked with a unique number
Easy to restore configuration
Server object | All Tasks | Backup/Restore Configuration
Makes it easy to test and roll-back
Safely test applications
Managing the XML Metabase
Template Configuration
You can save IIS configuration to a file
Save from any node
Import templates to create IIS objects
Quickly add standardized Web/FTP sites
Export entire server configuration
Make machine independent backups
Clone existing server configurations
Demonstration 4
Managing the XML Metabase
Metabase Format
Editing the Metabase
Template Configuration
Session Summary
IIS 6.0 is completely rearchitected
Application pools isolate applications
Application pools are highly configurable
Web sites are assigned to application pools
FTP supports user isolation
The Metabase is XML formatted text
You can edit the Metabase while IIS is running
For More Information…
Main TechNet Web site at www.microsoft.com/technet
This session’s resource page www.microsoft.com/technet/tnt1-84
IIS 6.0 Technical Overview
www.microsoft.com/windowsserver2003/techinfo/overview/iis.mspx
What’s new in IIS 6.0
www.microsoft.com/windowsserver2003/evaluation/overview/technologies/iis.mspx