Post on 19-Dec-2015
TRANSCRIPT
Lap Around IIS7
  Bill Staples
  Product Unit Manager, IIS
  COM014 – A Lap Around IIS7
  Microsoft Corporation
Roller Coaster Ride
seven
  supportable
internet information services
  integrated
  extensible
  componentized
  compatible
  secure
  delegated
IIS – a colorful past
  1996 - V1 & 2 ships for Windows NT 3.5 & 4.0
  1997 – V4 part of NT 4 Option Pack
  2000 – V5 installed by default in Windows 2000
  2001
    March 2001, #1 in Internet Site Share
    Fall 2001, Code Red and Nimda
  2003 – V6 released in Windows Server 2003
IIS 6 Today
  Secure by Design
    Extensive design & code reviews
    Penetration testing
    Defense in depth
  Secure by Default
    IIS no longer installed by default with OS
    IIS installs with “locked down” configuration
    Runs with minimal permissions, secure configuration
  Process architecture designed for app failure
    Health detection
    Automatic recycling of applications
  Zero critical security patches since release
IIS 7 Overview
  Configuration & Admin Tool
  Core Server
  Diagnostics
  Compatibility
  Security
  Demos
The Metabase Is Dead!
(global web configuration is now stored in applicationHost.config)
  Centralized, admin-only configuration store
  COM-only interface
  Poorly schematized XML format
  Built using 1996 era standards
IIS 7 Configuration Enables You To...
  Store IIS and ASP.NET settings in web.config
  XCopy web settings along with content
  Share web settings across multiple servers
  Extend configuration with your own schema
  … in a clean, well-schematized format
The IIS Snap-in (inetmgr) Is Dead!
(the new administration tool is named webmgr)
  Administrator only console
  Poorly factored UI (go where for security?)
  Difficult to use (one page has that many tabs?)
  DCOM remoting
IIS 7 Admin Tool Enables You To...
  Manage IIS and ASP.NET in one place
  Manage individual sites and apps w/o machine admin privileges
  View health, diagnostics, users, more…
  Extend with your own Admin UI
For More Information…
  COM431: IIS 7 Extensibility (Part 2): Building Configuration and UI Modules
  Friday 1pm, Room 404AB
The Core Server & ISAPI Is Dead!
(IIS7 is now completely modular, built on public APIs)
  All core IIS features implemented in w3core.dll
  ISAPI difficult to master, not very flexible
  ISAPI unused by IIS team
  Built using 1996 era standards
IIS 7 Core Server Enables You To...
  Build new IIS modules on full-fidelity APIs
  Use native (C/C++) or Managed (C#, VB .NET) code
  Use existing ASP.NET modules / handlers
  Customize IIS footprint – per site or app
IIS7 Core Web Server Modules
  Http Protocol Support
    ValidationRangeModule
    TraceVerbModule
    OptionsVerbModule
    ClientRedirectionModule
  Logging and Diagnostics
    HttpLoggingModule
    CustomLoggingModule
    RequestMonitorModule
    TracingModule
  Configuration and Metadata Caches
    ConfigurationModule
    UriCacheModule
    SiteCacheModule
    FileCacheModule
  Core Web Server
    DirectoryListingModule
    CustomErrorModule
    DynamicCompressionModule
    StaticCompressionModule
    StaticFileModule
    DefaultDocumentModule
    HttpCacheModule
  AuthN/AuthZ
    BasicAuthModule
    DigestAuthModule
    WindowsAuthModule
    CertificateAuthModule
    AnonymousAuthModule
    FormsAuthModule
    AccessCheckModule
    UrlAuthorizationModule
  Extensibility
    ISAPIModule
    ISAPIFilterModule
    CGIModule
    ServerSideIncludeModule
    ManagedEngineModule
  Publishing
    DavModule
For More Information…
  COM303 IIS7: Building More Powerful ASP.NET Applications with IIS7
  Wednesday 1:45pm, Room 152/153
  COM406 IIS7 Extensibility (Part 1): Building New Core Server Modules
  Wednesday 11:00am, Room 406AB
IIS 7 Diagnostics Enables You To...
  View real-time server state information
  Control state of Sites, Apps, AppPools, AppDomains
  Log detailed trace events across web platform stack
  Automatically log event traces on error conditions
  Extend trace logging with your own events
For More Information…
  COM320 IIS7 Instrumenting, Diagnosing, and Debugging Web Applications
  Wednesday 11:30am, Room 515AB
IIS 7 Compatibility Means…
  Existing ISAPI filters and extensions just work
  Classic ASP applications just work
  ASP .NET v1.1 and v2.0 applications just work
  ADSI and WMI scripts just work against new IIS config
IIS 7 Security Enables You To...
  Reduce attack surface through componentization
  Configure / manage sites and apps w/o admin privileges
  Easily secure web sites using unified authn/authz model
  Filter requests using built-in module
IIS 7 Summary
  Distributed and delegated configuration
  Tremendous extensibility, flexibility and customization
  Rich diagnostics and troubleshooting support
  Committed to compatibility
  Continues to build on rock solid IIS 6.0 security