TRANSCRIPT
Introducing IIS7: Microsoft’s Next Generation Web Server
Improved Security
• Modular design allows:
  • Reduced installation footprint
  • Customized, streamlined servers
• Application Pools are sandboxed by default
Easier to manage
• Redesigned IIS Manager
  • Easier to use while allowing more control
  • Remote administration over https
• Delegate authority to configure to non-admins
• Your choice of powerful management tools
Increase uptime with
• Prescriptive error messages
• Built in failed request tracing
• Improved web farm support with shared configuration
Proven Scale
• MySpace - 23 Billion Page* Views/Month
• Microsoft.com - 10k Req/sec & 300K Connections
• Match.com - 30 million page views daily
Proven Security
• No critical IIS 6 hotfixes since RTM
as of 4/4/07
Proven Trust
• 54% of Fortune 1000 use IIS (port80software.com)
A solid foundation to build on.
Customer Feedback Revealed…
• Site density on shared servers is too low
• Metabase corruption and replication issues
• Too few options for site owner administration
• Site/server failures too difficult to troubleshoot
• Not enough flexibility for customization
• Current support for PHP apps is inadequate
[Diagram: IIS 6 request processing, with blocks labelled Authentication (Anon, NTLM, Basic), Determine Handler (CGI, Static File, ISAPI) and Send Response (Log, Compress); ASP.NET and PHP attach through ISAPI]
• Monolithic implementation: install all or nothing…
• Extend server functionality only through ISAPI…
[Diagram: IIS 7 request pipeline, with stages Authentication, Authorization, ResolveCache, ExecuteHandler, UpdateCache and SendResponse; the former IIS 6 blocks (Anon, NTLM, Basic, CGI, Static File, ISAPI, Log, Compress) appear as individual modules]
• Server functionality is split into ~ 40 modules...
• Modules plug into a generic request pipeline…
• Modules extend server functionality through a public module API.
 | IIS 6 | IIS 7 | Benefits
Architecture | Monolithic | Modular | Customize, Extend, Streamline
Setup | Most Features installed (many disabled) | Minimal installation for designated role | Increased Security
Extend Features | ISAPI filters and ISAPI extensions | Add modules and handlers in native or managed code | Easier to develop application and administration features
Customize UI | Possible, but not common. | Extensible, modular, based on .NET | Much easier for developers to provide new admin features
IIS7 Default Installation in Longhorn
Completely redesigned IIS Manager
• Task-oriented
• Context sensitive ‘Actions’ pane
• Tabs are replaced with Icons
Allows IIS and ASP.NET configuration
• Icons instead of tabs
Provides Managed extensibility
• Add new management and IIS features
• Application configuration can integrate into UI
View health and diagnostics within the UI
Built in remote administration over https
Manage 1 or 1000’s of sites
Use IIS Manager from Longhorn, Vista, Windows Server 2003 & XP
No administration website required!
Secure, firewall-friendly connection over HTTP/SSL
• Authenticates both Windows and non-Windows credentials
Fully customizable
• Supports auto-deployment of new Administration features from server->client
• Can hide features remote user cannot edit
Application Pool architecture based on IIS 6
• Familiar settings for recycling, health monitoring, and process identity are the same
Two pool types in IIS 7
• Integrated
  • Allows use of managed code to provide pipeline services for all requests
  • Example: .NET Forms authentication for Perl
  • Integrated is the default for new pools
• Classic
  • Works same as IIS 6
  • Ensures .NET compatibility
Two App Pool Modes
Classic (IIS 6)
• ISAPI-based Implementation
• Only sees ASP.NET requests
• Feature duplication
[Diagram: Classic mode. The IIS blocks (Authentication: Anon, NTLM, Basic; Determine Handler: CGI, Static File, ISAPI; Send Response: Log, Compress) sit beside a separate ASP.NET pipeline inside aspnet_isapi.dll (Authentication: Forms, Windows; Map Handler: ASPX, Trace)]
Integrated Mode
• .NET modules / handlers plug directly into pipeline
• Process all requests
• Full runtime fidelity
[Diagram: Integrated mode. One pipeline (Authentication, Authorization, ResolveCache, ExecuteHandler, UpdateCache, SendResponse) carrying both the IIS modules (Anon, Basic, Static File, ISAPI, Log, Compress) and the ASP.NET modules and handlers (Forms, Windows, ASPX, Trace) that previously ran inside aspnet_isapi.dll]
Moved from Metabase.xml (and .bin) to Applicationhost.config
File based configuration improves manageability
• Config can be copied to other servers
• Easier to read
• Facilitates backup, restore and editing
You now have choices about how to manage IIS configuration
1. Centralized Configuration
2. Delegated Administration
3. Shared Configuration
[Diagram: configuration hierarchy. Machine.config (.NET global settings); .NET Framework global web.config (ASP.NET global settings); IIS 7 Applicationhost.config (global settings and location tags); site root Web.config for the Contoso.com root and Contoso.com \ Orders, containing <system.web> (.NET settings) and <system.webServer> (IIS7 delegated settings)]
Delegated Control to Site Owners
• Site Owners control designated settings without elevated server privileges
Delegated settings written to Web.config files
• Site and/or application level
• Shared with ASP.NET configuration
• XCopy deploy configuration and content
Granular control over delegated settings allows precise locking
• Example: Always require Windows Authentication, but let site owner control Basic.
All web servers can share a single Applicationhost.config
• Eliminates configuration replication in a web farm
• All administration tools are redirected to a common UNC path
Does not replicate content
First appearance in Longhorn Beta 3
New sites are assigned to a unique pool
Unique SID is associated with pool
At runtime, a temporary “applicationpool.config” file is created
• Contains only settings for the pool
• Unique SID is allowed access
• No other pool can read the configuration
Process identity is still Network Service
View Detailed Errors in the Browser
• New errors provide prescriptive guidance
Access Runtime State Info in Real-Time
• New APIs expose all runtime diagnostic information
• Ex. See all currently executing requests
Rapidly Troubleshoot Faulty Applications
• Define ‘failure’ triggers by error code or time taken
• Configurable per application or URL
• Resulting Failed Request log is a chronicle of events for the “failed” request
• Quickly identify bottlenecks
• Developers can add custom events
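A failed request tracing rule showing both trigger types named above, scoped to one URL pattern. This is an added example, not taken from the original slides; the path, status codes and time threshold are assumptions.

```xml
<!-- Web.config fragment for one site or application -->
<configuration>
  <system.webServer>
    <tracing>
      <traceFailedRequests>
        <!-- Rule applies only to requests matching this URL pattern -->
        <add path="*.aspx">
          <traceAreas>
            <!-- Events from the IIS pipeline itself -->
            <add provider="WWW Server"
                 areas="Authentication,Security,Module,RequestNotifications"
                 verbosity="Verbose" />
            <!-- Events from ASP.NET -->
            <add provider="ASPNET"
                 areas="Infrastructure,Module,Page,AppServices"
                 verbosity="Verbose" />
          </traceAreas>
          <!-- A request counts as "failed" if it returns 401.3 or 500,
               or if it takes longer than 10 seconds -->
          <failureDefinitions statusCodes="401.3,500" timeTaken="00:00:10" />
        </add>
      </traceFailedRequests>
    </tracing>
  </system.webServer>
</configuration>
```

Tracing must also be enabled for the site (the traceFailedRequestsLogging element in Applicationhost.config). The resulting logs can contain request headers and other sensitive request details, so access to the log directory should be restricted.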
APPCMD
• General purpose command line tool
• Query and control state, change settings, add sites and vdirs
Managed Code API
• Microsoft.Web.Administration
WMI
• Improved namespace for IIS7
ADSI compatibility
PowerShell
• use with Managed API and WMI
C:\> appcmd list sites
SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)
SITE "Site1" (id:2,bindings:http/*:81:,state:Started)
SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)
C:\> appcmd list requests
REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost)
C:\> appcmd list requests /apppool.name:DefaultAppPool
C:\> appcmd list requests /wp.name:3567
C:\> appcmd list requests /site.id:1
Filter results by application pool, worker process, or site
Go Live License available to public
• Download Centre – Download IIS 7 Extensions such as new FTP server
• TechCenter to easily find the info you need
• Advice and assistance in Forums
• Walkthroughs, examples, and code samples
• Online labs – test IIS7 in your browser!
Web Server and Service Program
• Invitations to Deep Dives
• Training Events in Redmond
• Virtual Labs
• Email Based Support
• Access to Builds of Longhorn Server
• Case Study opportunities
For more information contact: [email protected]
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Deprecated
• NNTP
• IIS 5 Worker Process Isolation Mode
• FPSE (compatible alternative on IIS.net)
• Metabase.bin/Metabase.xml
• IUSR_<servername>, IWAM_<servername> and IIS_WPG
• POP3
• No administration website
Handler and module configuration settings have moved:
• system.web/httpHandlers → system.webServer/handlers
• system.web/httpModules → system.webServer/modules
Watch for module conflicts in request processing
• Setting the “managedHandler” precondition for a module means “execute only for ASP.NET requests”
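The move described above, shown as one Web.config that carries both the old and the new sections. This is an added example, not taken from the original slides; Contoso.AuditModule and Contoso.ReportHandler are hypothetical types.

```xml
<configuration>
  <!-- Old location: used by ASP.NET in Classic mode pools -->
  <system.web>
    <httpModules>
      <add name="AuditModule" type="Contoso.AuditModule" />
    </httpModules>
    <httpHandlers>
      <add path="*.report" verb="GET" type="Contoso.ReportHandler" />
    </httpHandlers>
  </system.web>

  <!-- New location: used by Integrated mode pools -->
  <system.webServer>
    <!-- Needed only while both copies are kept: stops Integrated mode from
         rejecting the system.web entries above as unmigrated configuration -->
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <!-- With the precondition: runs only for ASP.NET requests.
           Without it: runs for every request, including static files. -->
      <add name="AuditModule" type="Contoso.AuditModule"
           preCondition="managedHandler" />
    </modules>
    <handlers>
      <!-- Entries in system.webServer/handlers require a name attribute -->
      <add name="ReportHandler" path="*.report" verb="GET"
           type="Contoso.ReportHandler" />
    </handlers>
  </system.webServer>
</configuration>
```

A module that enforces access control and carries the managedHandler precondition does not run for static files, so content such as images or documents in the same site is served without that check.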