A Considered Approach to IIS for Troubleshooting Applications and Websites

By Manish Kumar
Web Server Administrator
Kochhar LexServe Pvt. Ltd.
Agenda

- IIS 6.0: an overview
- Reliability: a new process model
- Security
- Performance and scalability
- Improving manageability
- Considerations
- Resources
- Q&A
Reliability: A New Architecture for IIS 6.0 W3SVC

GOAL: permit complete application isolation from other Web applications and from the core Web server.

Web service functionality in INETINFO was split out to do this:
- HTTP.sys: kernel-mode listener and request router
- W3SVC: now the configuration and process manager
- W3Core: where Web applications are processed; a W3Core DLL is loaded into each W3WP.exe worker process

Two process model modes:
- [Default] worker process isolation mode
- IIS 5.0 isolation mode

[Diagram: HTTP.sys in kernel mode; W3SVC, W3Core and the Web application in user mode.]
Reliability: A Reminder - Process Model for IIS 5.0

[Diagram, user mode: INETINFO.exe hosts the metabase, FTP/SMTP/NNTP, W3SVC, Winsock, the ISAPI filters and all in-process apps; ASP.NET runs in ASPNET_WP.exe with one .NET app domain per application; pooled out-of-process (OOP) apps share a single DLLHOST.exe and each isolated OOP app gets its own DLLHOST.exe. The user-mode/kernel-mode boundary is shown below all of these.]
Reliability: IIS 6.0 Worker Process Isolation Mode

[Diagram, user mode: INETINFO.exe keeps only the metabase and FTP/SMTP/NNTP; W3SVC, made up of the W3 Config Manager and the W3 Process Manager, runs inside SVCHOST.exe; each application pool is served by its own W3WP.exe hosting W3Core, the ISAPI filters and all of the pool's apps (no OOP); ASP.NET apps run as .NET app domains inside a W3WP.exe of their own pool. Kernel mode: HTTP.SYS.]
Reliability: Application Pools

- Can create one or more application pools
- Each served by one or more W3WP.exe processes
- Each W3WP.exe serves only one pool
- Requests routed directly to the pool by HTTP.sys
- Isolate applications based on: site/customer, functionality, reliability
Reliability: Periodic Process Recycling

What is it?
- Periodically restart applications based on: [Default] uptime, number of requests, scheduled time, memory consumption, on demand

Why use it?
- Refresh applications to ensure availability
- Prevent bad applications from taking over the system

Effect on applications
- In-process state or cache is lost on recycle
- Possible multi-instance issues
Reliability: Self-Healing Architecture

Health check (pinging): what is it?
- Designed to detect W3WP.exe thread deadlock
- Engages if there are no threads in W3WP.exe available to respond in time

How does it work?
- W3SVC "pings" each W3WP.exe
- The process has a configured time limit to respond
- If there is no response within the time limit:
  - Default: kill the process, publish an event, and start a new process
  - Or: can be configured to take a configured action on the process instead ("orphaning")
- ASP and ASP.NET use the ping to request a recycle if they are unhealthy
Reliability: Crash Detection and Recovery

Crash detection
- W3SVC detects a W3WP.exe "crash"
- W3SVC starts a new W3WP.exe if there is demand
- Requests are queued in HTTP.sys while the new W3WP.exe starts
- Net effect: no interruption in service

Rapid fail protection
- Only allow x crashes in y minutes
- Automatically stop the pool if this value is exceeded; requests for this pool then get 503s
Reliability: Application Considerations

Design applications to be recycled
- Persist state and caches external to the host process
- For ASP.NET, use the external session state service or Microsoft SQL Server to store state

Be aware of multi-instance issues. They may be encountered during:
- Recycles: overlapped by default, but overlapped recycling, or recycling altogether, can be disabled
- Two application pools loading the same application code; if unable to change the code, assign all URLs to the same pool

"IIS 5-isms": dependencies on IIS 5.0 behaviors
- Running as LocalSystem
- Global data filters
- If the above cannot be worked around, run IIS 6.0 in IIS 5.0 isolation mode: this loads W3Core into INETINFO, with the same OOP model as IIS 5.0
Security on IIS 6.0: Secure on Installation

Clean installation
- IIS is not installed on a clean install by default
- Use the Configure Your Server Wizard to install the application server role, which installs: IIS 6.0, FPSE (not enabled), ASP.NET (not enabled)

Upgrade installation
- W3SVC is disabled after the upgrade unless URLScan was installed before the upgrade
Security on IIS 6.0: Attack Surface Reduced

Restriction list
- Only execute requests for "allowed" extensions and CGIs
- No extensions or CGIs are allowed by default
- 404.2 is returned for a request to a "prohibited" extension or CGI
- Use the Web Service Extensions node in the MMC to "allow" and "prohibit" extensions and CGIs

Known file extensions
- Only serve requests for file types defined in the MIMEMAP
- 404.3 is returned for requests not in the MIMEMAP

Considerations
- If using Visual Studio .NET, define .tmp files in the MIMEMAP
- Visual Studio .NET is to fix this in SP1
Security in IIS 6.0: Configurable Worker Process Identity

The worker process can be started as:
- Network Service (default)
- Local System
- Local Service
- Configured ID

IIS_WPG
- New user group
- IIS resources are ACLed to this group
- Requests will get 503s if a configured account is not a member of IIS_WPG

Considerations
- Passport Active Directory mapping requires Local System
- Kerberos might require additional configuration for this ID
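The settings on the reliability slides (periodic recycling, health-check pinging, orphaning, rapid fail protection) and on the two security slides above (the Web Service Extension restriction list and the worker process identity) are all stored as properties on metabase keys, so they can be reviewed offline from a copy of Metabase.xml. The script below is an added example, not code from this presentation or from IIS: it reads a constructed Metabase.xml fragment and reports what a reviewer would flag. The namespace URI and the property names (AppPoolIdentityType, WAMUserName, RapidFailProtection, PingingEnabled, OrphanWorkerProcess, PeriodicRestart*, WebSvcExtRestrictionList) are the ones IIS 6.0 writes; the pool names and values are made up, the severities are the author's own, and the inheritance walk assumes every property inherits from its parent key, which is a simplification of the real schema.

```python
"""Offline audit of IIS 6.0 app-pool and Web Service Extension settings from Metabase.xml."""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Metabase.xml: namespace URI and property names are
# the ones IIS 6.0 writes, the pools and values are made up. The multi-valued restriction
# list uses &#xA; separators so a conforming XML parser keeps the line breaks; the real
# file writes literal line breaks, which attribute normalization turns into spaces.
SAMPLE_METABASE = """<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0"><MBProperty>
<IIsWebService Location="/LM/W3SVC" WebSvcExtRestrictionList="0,*.dll&#xA;1,*.exe&#xA;1,C:\\WINDOWS\\system32\\inetsrv\\asp.dll,0,ASP,Active Server Pages&#xA;0,C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\aspnet_isapi.dll,0,ASP.NET v1.1.4322,ASP.NET v1.1.4322" />
<IIsApplicationPools Location="/LM/W3SVC/AppPools" AppPoolIdentityType="2"
  PeriodicRestartTime="1740" PeriodicRestartRequests="0" PeriodicRestartMemory="0"
  RapidFailProtection="TRUE" PingingEnabled="TRUE" OrphanWorkerProcess="FALSE" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/LegacyPool" AppPoolIdentityType="0"
  PeriodicRestartTime="0" RapidFailProtection="FALSE" PingingEnabled="FALSE"
  OrphanWorkerProcess="TRUE" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/CustomerPool" AppPoolIdentityType="3"
  WAMUserName="CORP\\svc_web" />
</MBProperty></configuration>
"""

IDENTITY = {"0": "LocalSystem", "1": "LocalService", "2": "NetworkService", "3": "configured account"}

# (property, default, value that is flagged, severity, check, message)
BOOL_CHECKS = (
    ("RapidFailProtection", "TRUE", "FALSE", "MEDIUM", "rapid-fail",
     "rapid fail protection off; a crash-looping worker restarts without limit"),
    ("PingingEnabled", "TRUE", "FALSE", "MEDIUM", "health-check",
     "health-check ping off; a deadlocked worker is never recycled"),
    ("OrphanWorkerProcess", "FALSE", "TRUE", "INFO", "orphan",
     "unresponsive workers are orphaned (left running) instead of killed"),
)

def load_metabase(xml_text):
    """Return {metabase key path: {property: value}} for every keyed node."""
    nodes = {}
    for el in ET.fromstring(xml_text).iter():
        loc = el.get("Location")
        if loc:
            nodes[loc] = {k: v for k, v in el.attrib.items() if k != "Location"}
    return nodes

def effective(nodes, location):
    """Resolve inherited properties: walk root-down, each key overriding its ancestors
    (assumption: every property is inheritable, a simplification of the real schema)."""
    props, parts = {}, location.strip("/").split("/")
    for i in range(1, len(parts) + 1):
        props.update(nodes.get("/" + "/".join(parts[:i]), {}))
    return props

def audit_app_pools(nodes):
    """Findings are (pool, severity, check, message) tuples."""
    findings = []
    for loc in nodes:
        if not loc.startswith("/LM/W3SVC/AppPools/"):
            continue
        pool, p = loc.rsplit("/", 1)[1], effective(nodes, loc)
        identity = IDENTITY.get(p.get("AppPoolIdentityType", "2"), "unknown")
        if identity == "LocalSystem":
            findings.append((pool, "HIGH", "identity", "worker process runs as LocalSystem"))
        elif identity == "configured account":
            findings.append((pool, "INFO", "identity", "runs as %s; must be in IIS_WPG or requests get 503s"
                             % p.get("WAMUserName", "(unset)")))
        for prop, default, bad, severity, check, message in BOOL_CHECKS:
            if p.get(prop, default).upper() == bad:
                findings.append((pool, severity, check, message))
        triggers = (p.get("PeriodicRestartTime", "1740"), p.get("PeriodicRestartRequests", "0"),
                    p.get("PeriodicRestartMemory", "0"), p.get("PeriodicRestartSchedule", ""))
        if all(t in ("0", "") for t in triggers):
            findings.append((pool, "LOW", "recycle", "no periodic recycling trigger is configured"))
    return findings

def parse_restriction_list(value):
    """Entry format: allowed,path[,deletable,groupid,description]; allowed is 1 or 0."""
    entries = []
    for line in value.split("\n"):
        fields = line.strip().split(",", 4)
        if len(fields) >= 2:
            entries.append({"allowed": fields[0] == "1", "path": fields[1],
                            "description": fields[4] if len(fields) > 4 else fields[1]})
    return entries

def audit_extensions(nodes):
    """*.dll / *.exe are 'All Unknown ISAPI Extensions' / 'All Unknown CGI Extensions'."""
    findings = []
    value = nodes.get("/LM/W3SVC", {}).get("WebSvcExtRestrictionList", "")
    for e in parse_restriction_list(value):
        if e["allowed"] and e["path"] in ("*.dll", "*.exe"):
            findings.append(("W3SVC", "HIGH", "extension", "all unknown %s are allowed" % e["path"]))
        elif e["allowed"]:
            findings.append(("W3SVC", "INFO", "extension", "allowed: %s (%s)" % (e["description"], e["path"])))
    return findings

def run_audit(xml_text=SAMPLE_METABASE):
    nodes = load_metabase(xml_text)
    return audit_app_pools(nodes) + audit_extensions(nodes)
```

On the sample, DefaultAppPool inherits the safe defaults and produces nothing; LegacyPool is flagged five times (LocalSystem identity, no recycling trigger, rapid fail protection and pinging off, orphaning on); CustomerPool is reported as running under a configured account that has to be in IIS_WPG; and at the service level the allowed "*.exe" entry is flagged because it reopens every unknown CGI. Whether a configured account is actually in IIS_WPG cannot be checked from the XML, so that finding stays informational.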
Security in IIS 6.0: Secure Changes from IIS 5.0

- Sub-authentication is not installed by default on clean installations
  - Effect: passwords might expire for the IWAM and IUSR accounts
  - Solution: install SubAuth, or come up with your own synchronization scheme
- URLs are restricted to a maximum length of 16 KB, with more restrictive parsing (no special characters, etc.)
- Content in Inetpub is now overwrite protected
- Command-line tools are limited to the Administrators group only
Security in IIS 6.0: Recommendations

- Do a clean installation rather than an upgrade: it is more secure by default, and there is no lockdown tool yet for IIS 6.0 to handle the upgrade case
- Run application pool W3WP.exe processes as Network Service (the default)
- Only "allow" extensions that are vital to all applications; prohibit everything else to reduce attack surface
- Check the IIS hit logs and the HTTPERR log
  - IIS hit logs: substatus codes are logged for W3C and binary-formatted files
  - HTTPERR: detail on the reason for 503s and connection terminations
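To act on the last recommendation, here is an added example (not from this presentation, and not an IIS tool) that parses the W3C hit log with the sc-substatus field enabled and the HTTP.sys HTTPERR log. Both use the "#Fields:" directive, so the column order is read from the file rather than hard-coded. The log lines are constructed, not captured from a real server; the field names and the reason codes AppOffline, Timer_ConnectionIdle and Connection_Dropped are ones HTTP.sys writes, while the addresses, URLs and pool name are made up.

```python
"""Offline triage of IIS 6.0 hit logs and the HTTP.sys HTTPERR log
(added example, not code from the presentation or from IIS)."""
from collections import Counter

# Constructed W3C extended log lines with the sc-substatus field enabled; the
# field names are the ones IIS 6.0 writes, the traffic is made up. IIS logs a
# space inside a field as '+', so splitting a record on whitespace is safe.
W3C_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2003-03-07 11:39:20
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2003-03-07 11:39:20 10.0.0.2 GET /default.htm - 80 - 10.0.0.1 Mozilla/4.0+(compatible) 200 0 0
2003-03-07 11:39:21 10.0.0.2 GET /scripts/cmd.exe /c+dir 80 - 198.51.100.7 Mozilla/4.0+(compatible) 404 2 0
2003-03-07 11:39:22 10.0.0.2 GET /backup.bak - 80 - 198.51.100.7 Mozilla/4.0+(compatible) 404 3 0
2003-03-07 11:39:23 10.0.0.2 GET /app/report.asp id=1 80 - 10.0.0.1 Mozilla/4.0+(compatible) 200 0 0
2003-03-07 11:39:24 10.0.0.2 GET /msadc/root.exe /c+dir 80 - 198.51.100.7 Mozilla/4.0+(compatible) 404 2 0
"""

# Constructed HTTPERR records in the format HTTP.sys writes; AppOffline,
# Timer_ConnectionIdle and Connection_Dropped are real s-reason codes.
HTTPERR_LOG = """#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2003-03-07 11:40:00
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2003-03-07 11:40:01 10.0.0.1 3021 10.0.0.2 80 HTTP/1.1 GET /app/report.asp 503 1 AppOffline LegacyPool
2003-03-07 11:40:02 10.0.0.1 3022 10.0.0.2 80 HTTP/1.1 GET /app/report.asp 503 1 AppOffline LegacyPool
2003-03-07 11:40:03 198.51.100.7 4410 10.0.0.2 80 - - - - - Timer_ConnectionIdle -
2003-03-07 11:40:04 198.51.100.7 4411 10.0.0.2 80 - - - - - Connection_Dropped -
"""


def parse_w3c(text):
    """Parse a W3C extended format log: '#Fields:' names the columns, other
    '#' lines are directives, everything else is a record."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = line.split()
            if len(values) == len(fields):    # drop truncated or corrupt records
                rows.append(dict(zip(fields, values)))
    return rows


def find_probes(rows):
    """404.2 means the Web Service Extension list refused to run the target,
    404.3 means no MIME map entry. Both are the lockdown working; counted per
    client and URL they show a scanner walking old exploit paths."""
    probes = Counter()
    for r in rows:
        code = r["sc-status"] + "." + r.get("sc-substatus", "0")
        if code in ("404.2", "404.3"):
            probes[(r["c-ip"], code, r["cs-uri-stem"])] += 1
    return probes


def httperr_summary(rows):
    """Reason counts plus the application pools HTTP.sys answered 503 for with
    AppOffline: the pool was stopped, by rapid fail protection or by hand."""
    reasons = Counter(r["s-reason"] for r in rows)
    offline = sorted({r["s-queuename"] for r in rows if r["s-reason"] == "AppOffline"})
    return reasons, offline


if __name__ == "__main__":
    for (ip, code, url), n in sorted(find_probes(parse_w3c(W3C_LOG)).items()):
        print("%s %s %s x%d" % (ip, code, url, n))
    reasons, offline = httperr_summary(parse_w3c(HTTPERR_LOG))
    print(dict(reasons), "pools offline:", offline)
```

On a real server the hit logs are under %windir%\system32\LogFiles\W3SVCn and the HTTPERR log under %windir%\system32\LogFiles\HTTPERR; the hit log only carries the sc-substatus column if it has been enabled in the site's logging properties, which is why the parser falls back to substatus 0 when the column is absent. A pool that shows up as AppOffline in HTTPERR is the 503 case from the rapid fail protection slide: the hit log will show nothing for those requests because they never reached a worker process.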
Performance in IIS 6.0: Caching Responses in HTTP.SYS

- Cached dynamic content is served straight from HTTP.SYS
  - Could run at double speed when served from the kernel: no user-mode transition
  - Your applications will not see requests that are served from the cache
- Static files are cached by default
  - Smart caching: only "hot" static content is cached
- Invalidation API callback
  - Also leverages the "Expires" header to automatically set a "staleness" timeout for cached responses

Considerations
- Use for dynamic responses if they can be "stale" for a period of time
- Lessens load on the Web server if the response can be served from the cache
- ASP.NET: use the OutputCache Location="Server" directive to mark a response as cacheable
Performance in IIS 6.0: Capacity Planning Tracing

- Hooks at key positions during the request lifetime, from start of request to final send of response:
  - HTTP Start, Route, Cache Hit, End
  - ISAPI Filter Start/Stop (filter name, notification)
  - ISAPI Extension Start/Stop
  - ASP Start/Stop
  - ASP.NET Start/Stop
- Useful in debugging as well: where is my request blocked?
- Customer example: uses this to find high CPU-usage pages, and to diagnose where the delay is

[Diagram: W3WP.exe worker processes, each hosting W3Core, the ISAPI filters and all apps (no OOP).]
Performance in IIS 6.0: Web Gardens and Processor Affinity

Web Gardens
- An application pool with more than one worker process
- Connection-based routing within the garden

Processor affinitization
- Bind application pool processes to one or more CPUs
- Mask-based configuration

Considerations
- Web Gardens: possible multi-instance issues; recycling may happen all at once
- Affinitization: create virtual silos of work on large MP boxes; affinitize based on the MP architecture (bind to CPUs on the same pod)

[Diagram: W3SVC (W3 Config Manager and W3 Process Manager) in SVCHOST.exe; one application pool configured as a Web Garden with several W3WP.exe processes, each hosting W3Core, the ISAPI filters and all apps (no OOP); HTTP.SYS in kernel mode.]
Performance in IIS 6.0: Idle Timeout and Demand Start

Idle timeout
- Time out and shut down a worker process if it has been idle for a given period of time
- Frees resources for active applications
- Applications are still available even if their worker process idles out and is shut down

Demand start
- Only start a worker process if there is demand for the application pool

Considerations
- Use idle timeout to free resources for other heavy-use applications
- Consider disabling idle timeout if application startup takes a long time
- Note: idle timeout causes idle processes to terminate, with loss of the in-memory cache
Manageability in IIS 6.0: Metabase Improvements

XML metabase
- The metabase is now stored in XML
- Auto-versioning: like an automatic backup
- Edit while running: make changes directly to the Metabase.xml file while IIS is running
- Any editor can be used: Notepad, .NET, Perl, etc.

Considerations
- It is safer and more secure to use ADSI or the UI to make changes to the metabase
- Note: Metabase.bin still exists, but only as a stub file for legacy backup applications

[Diagram: Admin Base Objects, ADSI and the UI all write to Metabase.xml and MBSchema.xml.]
Manageability in IIS 6.0: Metabase Improvements - Import/Export

Export/import metabase configuration to/from XML. Options include:
- Export/import inherited properties
- Export/import the node only (or the entire subtree)
- Password-encrypted exported file

Use with ASP.NET XCOPY deployment of applications:
1. Export the IIS 6.0 metabase configuration for the .NET application
2. Store it in the .NET application directory
3. Import the application's metabase configuration file after the XCOPY
Manageability in IIS 6.0: WMI Provider and New Command-Line Tools

IIS WMI provider
- Query support
- Associations
- Scriptable

New command-line tools
- Task-based approach
- Supported tools, currently in %windir%\system32
- Based on the WMI provider
- Example: use IISCNFG.vbs as part of a .NET application migration strategy between two IIS 6.0 boxes

[Diagram: Admin Base Objects, ADSI, the UI and now WMI (with the command-line tools built on it) all sit over Metabase.xml and MBSchema.xml.]
Summary

IIS 6.0 was made better by making Web applications more: secure, reliable, scalable, manageable.

Resources

IIS 6.0 Overview on TechNet:
http://www.microsoft.com/windows.netserver/evaluation/overview/technologies/iis.mspx
IIS 6.0 Technical Overview:
http://www.microsoft.com/windows.netserver/docs/IISOverview.doc

Thank you for joining.

For any doubt or query in future about IIS 6.0, please visit:
http://manishmishramcp.wordpress.com/iis

Your feedback is sincerely appreciated. Please send any comments or suggestions to the given address: [email protected]