Introducing IIS7: Microsoft’s Next Generation Web Server

Upload: silvester-elliott

Post on 26-Dec-2015


TRANSCRIPT

Page 1: Improved Security Modular design results allow: Reduced installation footprint Customized, streamlined servers Application Pools are Sandboxed by default

Introducing IIS7: Microsoft’s Next Generation Web Server

Page 2:

Improved Security

Modular design results allow:
  • Reduced installation footprint
  • Customized, streamlined servers

Application Pools are Sandboxed by default

Easier to manage

Redesigned IIS Manager
  • Easier to use while allowing more control
  • Remote administration over https

Delegate authority to configure to non-admins

Your choice of powerful management tools

Increase uptime with

• Prescriptive error messages
• Built in failed request tracing
• Improved web farm support with shared configuration

Page 3:

Proven Scale

• MySpace - 23 Billion Page* Views/Month
• Microsoft.com - 10k Req/sec & 300K Connections
• Match.com 30 million page views daily

Proven Security

• No critical IIS 6 hotfixes since RTM

as of 4/4/07

Proven Trust

• 54% of Fortune 1000 use IIS (port80software.com)

A solid foundation to build on.

Page 4:

Customer Feedback Revealed…

• Site density on shared servers is too low
• Metabase corruption and replication issues
• Too few options for site owner administration
• Site/server failures too difficult to troubleshoot
• Not enough flexibility for customization
• Current support for PHP apps is inadequate

Page 5:

Monolithic implementation: install all or nothing…

Extend server functionality only through ISAPI…

[Diagram: monolithic request path. Labels: Authentication, Anon, NTLM, Basic, Determine Handler, CGI, Static File, ISAPI, ASP.NET, PHP, Send Response, Log, Compress]

Page 6:

Server functionality is split into ~ 40 modules...

Modules plug into a generic request pipeline…

Modules extend server functionality through a public module API.

[Diagram: modular request pipeline. Pipeline stages: Authentication, Authorization, ResolveCache, ExecuteHandler, UpdateCache, SendResponse. Module labels: Anon, NTLM, Basic, Determine Handler, CGI, Static File, ISAPI, Send Response, Log, Compress]

Page 7:

Feature | IIS 6 | IIS 7 | Benefits
Architecture | Monolithic | Modular | Customize, Extend, Streamline
Setup | Most features installed (many disabled) | Minimal installation for designated role | Increased Security
Extend Features | ISAPI filters and ISAPI extensions | Add modules and handlers in native or managed code | Easier to develop application and administration features
Customize UI | Possible, but not common. | Extensible, modular, based on .NET | Much easier for developers to provide new admin features

Page 8:

Page 9:

IIS7 Default Installation in Longhorn

Page 10:

Completely redesigned IIS Manager

• Task-oriented
• Context sensitive ‘Actions’ pane
• Tabs are replaced with Icons
• Allows IIS and ASP.NET configuration
• Icons instead of tabs

Provides Managed extensibility

• Add new management and IIS features
• Application configuration can integrate into UI

View health and diagnostics within the UI

Built in remote administration over https

Manage 1 or 1000’s of sites

Page 11:

Use IIS Manager from Longhorn, Vista, Windows Server 2003 & XP

• No administration website required!

Secure, firewall-friendly connection over HTTP/SSL

• Authenticates both Windows and non-Windows credentials

Fully customizable

• Supports auto-deployment of new Administration features from server->client
• Can hide features remote user cannot edit

Page 12:

Page 13:

Application Pool architecture based on IIS 6

• Familiar settings for recycling, health monitoring, and process identity are the same

Two pool types in IIS 7

Integrated
  • Allows use of managed code to provide pipeline services for all requests
  • Example: .NET Forms authentication for Perl
  • Integrated is the default for new pools

Classic
  • Works same as IIS 6
  • Ensures .NET compatibility

Page 14:

ISAPI-based Implementation

• Only sees ASP.NET requests
• Feature duplication

[Diagram: ASP.NET running inside aspnet_isapi.dll behind the ISAPI handler. Server labels: Authentication, Anon, NTLM, Basic, Determine Handler, CGI, Static File, ISAPI, Send Response, Log, Compress. aspnet_isapi.dll labels: Authentication, Forms, Windows, Map Handler, ASPX, Trace, …]

Page 15:

Two App Pool Modes

Classic (IIS 6)

Integrated Mode
  • .NET modules / handlers plug directly into pipeline
  • Process all requests
  • Full runtime fidelity

[Diagram: integrated pipeline. Pipeline stages: Authentication, Authorization, ResolveCache, ExecuteHandler, UpdateCache, SendResponse, … Module labels: Anon, Basic, Static File, ISAPI, Log, Compress. aspnet_isapi.dll labels: Authentication, Forms, Windows, Map Handler, ASPX, Trace, …]

Page 16:

Moved from Metabase.xml (and .bin) to Applicationhost.config

File based configuration improves manageability

• Config can be copied to other servers
• Easier to read
• Facilitates backup, restore and editing

You now have choices about how to manage IIS configuration

1. Centralized Configuration
2. Delegated Administration
3. Shared Configuration

Page 17:

[Diagram: configuration file hierarchy, from the server level down to a site]

• Machine.config: .NET global settings
• .NET Framework Global web.config: ASP.net global settings
• IIS 7 Applicationhost.config: Global settings and location tags
• Site Root Web.config (Contoso.com root, Contoso.com \ Orders):
  • <system.web>: .NET settings
  • <system.webServer>: IIS7 Delegated settings

Page 18:

Delegated Control to Site Owners

Site Owners control designated settings without elevated server privileges

Delegated settings written to Web.config files

• Site and/or application level
• Shared with ASP.net configuration
• XCopy deploy configuration and content

Granular control over delegated settings allows precise locking

• Example: Always require Windows Authentication, but let site owner control Basic.
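
The locking example above, written out as an added configuration fragment (not part of the original deck): in Applicationhost.config, overrideModeDefault on a section declaration decides whether a site's Web.config may set that section, and a location tag pins the server-enforced value. The site name Contoso.com comes from the deck's diagram; the surrounding layout is trimmed to the two sections discussed.

```xml
<!-- Applicationhost.config (server level, administrators only). Added example. -->
<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <sectionGroup name="security">
        <sectionGroup name="authentication">
          <!-- Locked: Web.config files may not change Windows authentication -->
          <section name="windowsAuthentication" overrideModeDefault="Deny" />
          <!-- Delegated: site owners may set Basic authentication themselves -->
          <section name="basicAuthentication" overrideModeDefault="Allow" />
        </sectionGroup>
      </sectionGroup>
    </sectionGroup>
  </configSections>

  <!-- Server-enforced value; overrideMode="Deny" locks it for this path and below -->
  <location path="Contoso.com" overrideMode="Deny">
    <system.webServer>
      <security>
        <authentication>
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>

<!-- Web.config in the Contoso.com site root (site owner, no server privileges) -->
<configuration>
  <system.webServer>
    <security>
      <authentication>
        <!-- Allowed: this section is delegated -->
        <basicAuthentication enabled="false" />
        <!-- A <windowsAuthentication> element placed here is rejected with a
             configuration error (HTTP 500.19) because the section is locked. -->
      </authentication>
    </security>
  </system.webServer>
</configuration>
```

When reviewing a server, the sections set to Allow are the ones whose effective value can differ per site, so those are the Web.config files worth auditing.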

Page 19:

Page 20:

All web servers can share a single Applicationhost.config

• Eliminates configuration replication in a web farm
• All administration tools are redirected to a common UNC path
• Does not replicate content
• First appearance in Longhorn Beta 3

Page 21:

New sites are assigned to a unique pool

Unique SID is associated with pool

At runtime, a temporary “applicationpool.config” file is created

• Contains only settings for the pool
• Unique SID is allowed access
• No other pool can read the configuration

Process ID is still Network Service

Page 22:

View Detailed Errors in the Browser

• New errors provide prescriptive guidance

Access Runtime State Info in Real-Time

• New APIs expose all runtime diagnostic information
• Ex. See all currently executing requests

Rapidly Troubleshoot Faulty Applications

• Define ‘failure’ triggers by error code or time taken
• Configurable per application or URL
• Resulting Failed Request log is a chronicle of events for the “failed” request
• Quickly identify bottlenecks
• Developers can add custom events
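
A failed request tracing rule of the kind described above, as an added example that is not part of the original deck: the failure definition combines status codes with a time limit, and the rule is scoped to a URL pattern inside one application. The status codes, the 10 second limit and the *.aspx pattern are illustrative choices, and the rule assumes the tracing feature is installed and enabled for the site.

```xml
<!-- Web.config for one application. Added example. -->
<configuration>
  <system.webServer>
    <tracing>
      <traceFailedRequests>
        <!-- Rule scoped to a URL pattern within this application -->
        <add path="*.aspx">
          <traceAreas>
            <!-- Which providers and areas contribute events to the trace -->
            <add provider="WWW Server" areas="Authentication,Security,Module" verbosity="Verbose" />
            <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
          </traceAreas>
          <!-- A request counts as "failed" if it returns one of these status
               codes or takes longer than 10 seconds to complete -->
          <failureDefinitions statusCodes="401,403,500" timeTaken="00:00:10" />
        </add>
      </traceFailedRequests>
    </tracing>
  </system.webServer>
</configuration>
```

The resulting trace files record request details such as headers, so the log directory should be readable only by administrators.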

Page 23:

APPCMD

• General purpose command line tool
• Query and control state, change settings, add sites and vdirs

Managed Code API

• Microsoft.Web.Administration

WMI

• Improved namespace for IIS7

ADSI compatibility

Powershell

• use with Managed API and WMI

Page 24:

C:\> appcmd list sites

SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)
SITE "Site1" (id:2,bindings:http/*:81:,state:Started)
SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)

C:\> appcmd list requests

REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost)

C:\> appcmd list requests /apppool.name:DefaultAppPool

C:\> appcmd list requests /wp.name:3567

C:\> appcmd list requests /site.id:1

Filter results by application pool, worker process, or site

Page 25:

Page 26:

• Go Live License available to public
• Download Centre – Download IIS 7 Extensions such as new FTP server
• TechCenter to easily find the info you need
• Advice and assistance in Forums
• Walkthroughs, examples, and code samples
• Online labs – test IIS7 in your browser!

Page 27:

Web Server and Service Program

• Invitations to Deep Dives
• Training Events in Redmond
• Virtual Labs
• Email Based Support
• Access to Builds of Longhorn Server
• Case Study opportunities

For more information contact: [email protected]

Page 28:

Page 29:

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Page 30:

Deprecated

• NNTP
• IIS 5 Worker Process Isolation Mode
• FPSE (compatible alternative on IIS.net)
• Metabase.bin/Metabase.xml
• IUSR_<servername>, IWAM_<servername> and IIS_WPG
• POP3
• No administration website

Page 31:

Handler and module configuration settings have moved:

• system.web/httpHandlers → system.webServer/handlers
• system.web/httpModules → system.webServer/modules

Watch for module conflicts in request processing

• Setting the “managedHandler” precondition for a module means “execute only for ASP.NET requests”
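
The module move and the managedHandler precondition, shown side by side in an added example that is not part of the original deck. Contoso.AuditModule is a hypothetical managed module used only for illustration. A module that enforces authentication or authorization and carries this precondition does not see static files or other non-ASP.NET content.

```xml
<!-- Web.config. Added example; Contoso.AuditModule is a hypothetical module. -->
<configuration>
  <!-- Old location (IIS 6 / Classic mode): read by ASP.NET only -->
  <system.web>
    <httpModules>
      <add name="AuditModule" type="Contoso.AuditModule" />
    </httpModules>
  </system.web>

  <!-- New location (IIS 7 Integrated mode): read by the IIS pipeline -->
  <system.webServer>
    <!-- Lets one Web.config carry both registrations without a
         configuration error in Integrated mode -->
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <!-- With the precondition: runs only for requests mapped to ASP.NET
           handlers. Static files, CGI and other content bypass the module. -->
      <add name="AuditModule" type="Contoso.AuditModule" preCondition="managedHandler" />
      <!-- Without the precondition the module runs for every request:
           <add name="AuditModule" type="Contoso.AuditModule" /> -->
    </modules>
  </system.webServer>
</configuration>
```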