IIS6 Web Services
Overview
- Application Platform Features
- Reliability Features
- Manageability Features
- Performance and Scalability Features
- Security Features
Application Platform Features
- Web Applications
- The Application Server Role
- Installing and Configuring the Application Server Role
- Configuring and Managing Your Server
- Adding and Removing Components
Web Applications
A Web Application is a collection of content accessed through hypertext protocols
- Static content Web site
- CGI scripts
- ASP pages
- ActiveX®/COM components
- ASP.NET pages
- .NET Web Services
- Components of multi-tier applications
The Application Server Role
Combines specific interdependent functionality termed Web Application Server:
- Microsoft Internet Information Services (IIS) 6.0
- Active Server Pages (ASP)
- ASP.NET
- Component Object Model (COM+)
- Microsoft Data Engine (MSDE)
- Microsoft Message Queuing (MSMQ)
The Application Server Role
The Application Server Role, which includes IIS 6.0 and other components, is not installed by default in Windows Server 2003
Two interfaces:
- Configure Your Server/Manage Your Server wizards
- Add/Remove Programs, Add/Remove Windows Components
Configure Your Server and Manage Your Server
Web Application Server role can be added through Configure Your Server or Manage Your Server
- Base components are automatically selected
- Additional components are installed based on choices made in the wizard
After the role is added, it can be managed through Manage Your Server
Configure Your Server/Manage Your Server
- Easy Web server setup
- Configures only the services required for the application
Add/Remove Components
- Allows for more granular component selection (and the risk of incorrect component selection)
Reliability Features
- Fault-tolerant architecture
  - HTTP stack (HTTP.sys)
  - Application pools
  - WWW Service
  - Worker processes (W3WP.exe)
- IIS 5.0 isolation mode
- Health monitoring
- Process recycling
- Crash detection and Rapid Fail Protection
Fault-tolerant Architecture: Issues
Web sites and applications may contain flawed code
Web server needs to be an active manager of applications:
- Be fault tolerant (not crash on application failure)
- Monitor the health of Web sites and applications
- Actively recycle/restart processes
- Continue to queue requests
- Reliability without sacrificing performance
IIS 5.0:
- All requests ran through a single process (Inetinfo.exe); out-of-process applications (dllhost.exe) were slow
- Application failures could crash the server and other applications
Fault-tolerant Architecture: Solution
IIS 6.0 fault-tolerant process isolation architecture isolates applications from each other and from the Web server
Core components:
- HTTP.sys: kernel-mode component for HTTP listening, routing, queuing, and caching
- Application pools: group sites and applications for easy management of process isolation
- WWW Service: configuration and server management, process health monitoring
- Worker processes (W3WP.exe): isolate Web site and application processing
IIS 6.0 Fault-tolerant Architecture
[Figure: requests enter HTTP.sys in kernel mode and are routed to W3WP.exe worker processes in user mode, one or more per application pool, each hosting Web applications; the WWW Service manages the worker processes and responses flow back through HTTP.sys]
HTTP Stack (HTTP.sys)
- HTTP stack with queuing and caching functions
- Runs in kernel mode
- Supports IPv4 and IPv6
- Does not load or run any Web site or application code
- Cannot be affected by application errors and failures
- Routes requests to IIS application pools based on URL mapping
- Text-based and binary logging
HTTP Stack (HTTP.sys): Kernel-Mode Queuing
- HTTP.sys queues incoming HTTP requests
- Each queue supports a set of sites/applications
- Queue size can be set by the administrator
- If an application fails:
  - HTTP.sys continues to accept and queue requests until the application is restarted or the server is shut down
  - Once the application restarts, the queue is processed until it is empty
- Buffers the client application from application errors
- Increases site and application availability
Application Pools
Defines a set of Web applications managed together
- Separated by process boundaries
- Served by one or more worker processes
- Requests routed directly to the pool by HTTP.sys
- Not affected by sites and applications in other pools
- An application cannot be routed to another pool while being serviced by the current pool
- Applications can be assigned to different pools while the server is running
Application Pools: Configuration
- Easy to create and manage
- Can configure up to 20,000 application pools per server
WWW Service
Roles:
- Configures HTTP.sys
- Manages worker processes
Application code runs in separate worker processes
- No application code runs in the WWW Service
- Requests do not route through the WWW Service
- Ensures Web server reliability: application errors cannot crash the Web server
WWW Service: Configuration
At IIS 6.0 startup:
- Reads the metabase and initializes the HTTP.sys routing table
- Creates one entry for each URL-to-application-pool mapping
- Determines routing from request to worker process
As application pools and applications are added:
- Configures HTTP.sys to accept new URL requests
- Sets up the request queues for new application pools
- Indicates where the new URLs should be routed
WWW Service: Process Management
During IIS 6.0 operation, the WWW Service monitors processes and determines:
- when to start a worker process
- when to start additional worker processes
- when a worker process has failed or blocked
- when to recycle or restart a worker process
Requests continue to be queued and updated while an application is being recycled
Process recycling is invisible to the client application
Worker Processes
Responsible for handling Web requests for a set of sites and applications
- Each application pool is served by one or more worker processes
- Each worker process is self-contained:
  - Receives requests directly from HTTP.sys
  - Contains Web request processing functionality
  - Loads ISAPIs: filters and extensions (ASP, ASP.NET, Microsoft FrontPage® Server Extensions)
- Delivers complete isolation from system components and other Web applications
Worker Processes: Configuration
Worker process can be started as:
- Network Service (default)
- Local System
- Local Service
- Configured ID
IIS 6.0 Fault-tolerant Architecture
[Figure: INETINFO holds the metabase; the WWW Service (Config Mgr and Process Mgr) configures HTTP.sys and manages the worker processes; Application Pool 1 is served by a W3WP.exe that loads ISAPI filters and ISAPI extensions (ASP, etc.); Application Pool 2 is a Web Garden of several W3WP.exe processes, each hosting the ASP.NET ISAPI with CLR application domains]
Fault-tolerant Architecture: Benefits
- Dramatically increased reliability
- No server reboots
- Self healing on application failure
- Increased scalability
- Simplified server administration
IIS 5.0 Isolation Mode
Some applications may not work in the IIS 6.0 worker process isolation environment:
- Multiple-instance applications
- Session state persisted in-process
- Applications written as read raw data filters
IIS 6.0 can switch to IIS 5.0 isolation mode
- Everything in user mode operates as in IIS 5.0
- IIS 5.0 methods of application isolation (low, medium [pooled], high)
- Inetinfo.exe is still the master process
- HTTP.sys performance benefits remain:
  - Kernel-mode request queuing
  - Kernel-mode caching
Process Health Monitoring
Detects and recovers from thread deadlock
How does it work?
- Configurable time limit
- WWW Service pings each worker process
- If there is no response within the time limit:
  - Default: kill the process, publish an event, start a new process
  - Or take a configured action ("orphaning")
- Other application pools keep running
Process Health Monitoring: Debug Action
Allows for a custom action to be executed when a process fails to respond, for example:
- Send e-mail to the administrator
- Attach a debugger
- Take a process dump
Process is left running, though the WWW Service has dropped its process handle
Crash Detection and Rapid Fail Protection
WWW Service detects process crash
On failure:
- Publish event to the event log
- Check "crash count"
- If crash count > max crashes in time limit: disable the application pool
- Else start a new process if there is demand
Rapid Fail Protection:
- Only allow x crashes in y minutes
- Return 503 errors when invoked
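The crash-count check described above, modelled as an added example (this is not IIS code; the pool name, the start time and the "2 crashes in 5 minutes" limits used in the tests are constructed values):

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class RapidFailProtection:
    """Model of the WWW Service crash-count check described on the slide.

    Every worker-process crash in an application pool is published as an
    event and counted inside a sliding window of interval_minutes. When the
    count in that window exceeds max_crashes, the pool is disabled and
    requests routed to it get a 503 instead of a freshly started process.
    """

    def __init__(self, max_crashes, interval_minutes):
        self.max_crashes = max_crashes
        self.window = timedelta(minutes=interval_minutes)
        self.crashes = defaultdict(deque)   # pool name -> recent crash times
        self.disabled = set()
        self.events = []                    # (time, pool, message) for the event log

    def record_crash(self, pool, when):
        """Called when the WWW Service sees a worker process of `pool` die.

        Returns "restart" (a new worker process is started on demand) or
        "disable" (Rapid Fail Protection took the pool out of service).
        """
        self.events.append((when, pool, "worker process crashed"))
        if pool in self.disabled:
            return "disable"                # already out of service
        recent = self.crashes[pool]
        recent.append(when)
        # Forget crashes that fell out of the y-minute window.
        while recent and when - recent[0] > self.window:
            recent.popleft()
        if len(recent) > self.max_crashes:
            self.disabled.add(pool)
            self.events.append((when, pool, "Rapid Fail Protection: pool disabled"))
            return "disable"
        return "restart"

    def status_for_request(self, pool):
        """HTTP status a client gets for a request HTTP.sys routes to `pool`."""
        return 503 if pool in self.disabled else 200


def simulate(max_crashes, interval_minutes, crash_minutes):
    """Feed crashes of one pool at the given minute offsets (constructed data)
    and return the action taken for each plus the status clients see after."""
    rfp = RapidFailProtection(max_crashes, interval_minutes)
    t0 = datetime(2004, 3, 1, 10, 0, 0)     # constructed start time
    actions = [rfp.record_crash("AppPool1", t0 + timedelta(minutes=m))
               for m in crash_minutes]
    return actions, rfp.status_for_request("AppPool1")
```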
Manageability Features
- Configuration Metabase
- XML Metabase Advantages
- Change Configuration While Running
- Metabase Save Options
- Metabase Import/Export
- Server Configuration Backup/Restore
- Improved Patch Management
- IIS WMI Provider
- Command Line/Script Administration
- Web-based Administration Console
- Logging
Configuration Metabase: Before IIS 6.0
Hierarchical store of IIS configuration information
Enables:
- Inheritance
- Data typing
- Change notification
- Security
IIS 4.0/IIS 5.0 storage is a proprietary binary file
- Metabase.bin
- Not easy to read or edit
[Figure: Admin UI -> Active Directory Service Interface (ADSI) -> Admin Base Object -> metabase.bin]
Configuration Metabase: IIS 6.0 XML Metabase
- Metabase now stored in XML
- Plain text file
- Change configuration while the server is running
- Automatic backup with version control
- Application configuration exportable to and importable from file
- Server-independent backups
[Figure: UI, WMI, and ADSI -> Admin Base Objects -> Metabase.xml and MBSchema.xml]
XML Metabase Advantages
Easier to:
- Diagnose metabase corruption
- Extend the existing metabase schema through XML
- Read/edit the current metabase configuration directly
Completely compatible with existing APIs and ADSI
Existing binary metabases upgrade to XML cleanly
Better performance/scalability:
- Faster read times than the IIS 5.0 binary metabase
- Equivalent write performance to the IIS 5.0 binary metabase
Change Configuration While Running
- Metabase can be modified while IIS 6.0 is running
- To enable, select "Enable Direct Metabase Edit"
- Does not require a server restart
- Can use any text editor or scripting tool: Notepad, .NET, Perl, etc.
Metabase Save Options
Frequency:
- Save event scheduled 60 seconds after the last change
- At the save event, if the number of writes since the first change exceeds 30, the save event is deferred 60 seconds
- If deferring continues, the metabase save occurs 5 minutes from the first change
What happens:
- Data saved to metabase.xml
- WWW Service URL-to-application-pool tables updated
Metabase Import/Export
Export/import metabase configuration to/from XML
Options include:
- Export/import inherited properties
- Export/import node only (or entire subtree)
- Password-encrypt the exported file
Server Independent Backup/Restore
New capabilities in IIS 6.0:
- Backup with password
- Automatic backups
UTF-8 Logging Support
IIS 6.0 now supports writing log files in UTF-8 instead of ASCII or the local codepage
Configurable at the WWW service level
Binary Logging
- Allows for more than 10,000 sites to write to a single log file in a binary, non-formatted manner
- Improved performance because data does not need to be formatted
- Provides several scalability benefits: reduction in the number of log file buffers needed
- Post-process the log file to extract the log entries
- Allows for the use of custom tools to process binary log files
- Format of the log entries and file is published
Logging of HTTP Substatus Codes
IIS returns substatus codes for specific types of problems
- Example: the request cannot be served because the required application has not been unlocked (for example, ASP by default on clean installations)
  - The client receives a 404 error
  - IIS actually generates a 404.2 error
Errors now logged to W3C and binary log files
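Because the client only sees the plain 404, the W3C log is where a defender finds the 404.2 substatus that marks requests for locked extensions. An added example (not from the slides or from IIS) that parses a constructed IIS 6.0 W3C extended log and pulls those entries out; the log lines, addresses and URIs are made up:

```python
from collections import Counter
from io import StringIO

# Constructed sample of an IIS 6.0 W3C extended log (not a real server log).
# Field order follows the #Fields: directive; two of the 404 lines carry a
# substatus of 2, which the client never sees.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-03-01 10:15:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2004-03-01 10:15:02 192.0.2.10 GET /default.htm - 80 - 198.51.100.7 Mozilla/4.0 200 0 0
2004-03-01 10:15:05 192.0.2.10 GET /login.asp - 80 - 198.51.100.7 Mozilla/4.0 404 2 0
2004-03-01 10:15:09 192.0.2.10 GET /missing.htm - 80 - 198.51.100.9 Mozilla/4.0 404 0 2
2004-03-01 10:15:12 192.0.2.10 POST /app/order.asp id=7 80 - 198.51.100.7 Mozilla/4.0 404 2 0
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields: directive."""
    fields = None
    for line in StringIO(text):
        line = line.rstrip("\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # field names, may change mid-file
            continue
        if line.startswith("#"):
            continue                       # other directives (#Software, #Date, ...)
        if fields is None:
            raise ValueError("log line before any #Fields: directive")
        values = line.split(" ")           # W3C format encodes spaces in values as '+'
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line}")
        yield dict(zip(fields, values))


def substatus_summary(text):
    """Count requests by 'status.substatus' (for example '404.2')."""
    return Counter(f"{r['sc-status']}.{r['sc-substatus']}" for r in parse_w3c(text))


def locked_extension_requests(text):
    """Return (time, client IP, URI) for requests IIS refused with 404.2,
    i.e. the handler for that extension is still locked. Reviewing these
    shows who is probing for ASP or other unlocked content on a locked-down server."""
    return [(r["time"], r["c-ip"], r["cs-uri-stem"])
            for r in parse_w3c(text)
            if r["sc-status"] == "404" and r["sc-substatus"] == "2"]
```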
Performance and Scalability Features
- Kernel-mode Caching
- Resource Accounting and Quality of Service (QoS)
- Site Scalability
- Idle Timeout and Demand Start
- ASP.NET and IIS 6.0 Integration
Kernel-mode Caching
Cached responses served straight from HTTP.sys
- Can double speed
- No user-mode transition
- Applications will not see requests if served from cache
- Static and dynamic content
- Smart caching
[Figure: a request arrives through the network stack into HTTP.sys in kernel mode; a cache hit is answered directly from the HTTP.sys cache, otherwise the request goes up to W3WP.EXE (IIS 6.0) and the ASP.NET/CLR user application in user mode, and the response is returned the same way]
Web Gardens and Processor Affinity
Web Gardens
- Application pool with multiple worker processes
- Connection-based routing within the garden
Processor Affinitization
- Bind processes to one or more CPUs
- Mask-based configuration
[Figure: HTTP.sys routes requests into a Web Garden application pool of several worker processes, each loading ISAPI extensions and ISAPI filters, all managed by the WWW Service]
Resource Accounting and Quality of Service (QoS)
Ensures that components or content do not monopolize server resources
- Allows the administrator to control resources used by sites, application pools, the WWW service, and so on
- Ensures the quality of service that other services/sites/applications on the system receive by limiting the resources consumed by particular Web sites/applications, and/or the WWW service itself
QoS features:
- Connection limits
- Connection timeouts
- Application pool queue length limits
- Bandwidth throttling
- Process accounting
- Memory-based recycling
Site Scalability
- Targeting many thousands of sites per machine
- Current suggested maximum is 20,000 sites
- Re-architected startup/shutdown routines for lazy site initialization
- Centralized, binary logging: option to have one central log file per computer rather than tens of thousands when doing dense hosting
Other Platform Improvements
64-bit support
- Code base compiled for 32-bit and 64-bit platforms
Internet Protocol version 6 (IPv6) support
- Production-ready IPv6 stack
- If the IPv6 protocol stack is installed, IIS 6.0 will automatically handle HTTP requests that arrive over IPv6
Granular compression
- On a congested network, it is useful to compress responses
- In IIS 5.0, compression was an ISAPI filter and could only be enabled for the whole server; IIS 6.0 allows file-level compression
Security Features
- Locked down by default
- Multiple levels of security
- Unlocking functionality
- Application isolation
- Network Service account
- SSL v3 improvements
- Configurable worker process ID
- Passport authentication
- Windows Server 2003 authorization framework
- Constrained delegated authentication
- FTP security features
Locked Down By Default
- IIS is not installed by default on install or upgrade (except on Windows Server 2003, Web Edition)
- When initially installed, only requests for static content are allowed by default
  - For example: HTML, text, .jpg, .bmp
  - No ASP, ASP.NET, CGI, or other dynamic content is allowed (unless ASP or ASP.NET has been installed)
- Aggressive, secure default timeouts
- Additional content types must be specifically enabled
- Group Policy can be used to prevent IIS installs on workstations or inappropriate servers
Multiple Levels of Security
- IIS only serves recognized file extensions; unrecognized extensions are refused
- File verification: the server verifies that the content exists before giving the request to the request handler (ISAPI extension)
- Buffer overflow protection: the worker process detects a buffer overflow and exits the program
- Command-line tools inaccessible to Web users
- Upload data limitations defined by administrators
Multiple Levels of Security
- Write-protected content: anonymous users cannot modify content
- Access Control List (ACL) settings on:
  - Command-line files
  - Content
  - Log files
  - Custom error directory
  - Cache directories
- No executable virtual directories (/SCRIPTS and /MSADC)
Unlocking Functionality
In a default install, the administrator must manually enable:
- ISAPI
- CGI
- ASP
- ASP.NET
- FPSE
- WebDAV
- Server Side Includes
Enable using the command line, script, or GUI
Application Isolation
One IIS 6.0 server can securely host many Web sites and applications
Application pools provide the unit of isolation
Isolation is achieved through:
- Configurable worker process identity
- Bandwidth and CPU throttling
- Memory-based recycling
Configurable Worker Process Identity
Each worker process can be run as:
- Network Service
- Local System
- Local Service
- Configured ID
IIS_WPG: new user group; IIS resource ACLs are configured for this group
Network Service Account
New built-in account with very few privileges:
- Adjust memory quotas for a process
- Generate security audits
- Log on as a service
- Replace a process level token
- Impersonate a client after authentication
- Allow log on locally
- Access this computer from the network
Provides additional security because worker processes have few rights
SSL Improvements
Performance: faster and more scalable than IIS 5.0
Remotable certification object
- In IIS 5.0, SSL certificates could not be managed remotely because the CSP is not remotable
- CertObject allows remote certificate management
Selectable crypto service provider
- Enables easy selection of third-party Crypto application programming interface (CAPI) providers
- Hardware SSL accelerators
SSL Improvements
- SSL StreamFilter is hosted in the LSASS.exe process (can give up to 25% throughput gains in SSL loads)
- Aggressive SSL thread pool
- Significant performance work on multiprocessor machines: increases up to 2X for some workloads on 8P computers
Microsoft Passport Authentication
- Integrated with Windows Server 2003
- Can assign permissions to resources with Passport accounts
- Map Passport credentials to Microsoft Active Directory® accounts
Windows Server 2003 Authorization Framework
IIS 5.0 authorization model is resource-ACL based
- Object-oriented permissions
- Web applications are operation/task-driven, not object-driven
- The application had to provide operation/task access control
IIS 6.0 extends the Windows Server 2003 authorization framework
- URL-specific authorization
- Authorization Manager
- Application-specific access
FTP Security Features
- IIS 6.0 isolates users into their own directories
- Locks the user's FTP session to a directory under the FTP root
- Authenticates using a local or domain account:
  - Using an Active Directory account
  - Using a local account
  - Anonymous access with user isolation
FTP Security Features
Isolation levels:
- Compatibility/no isolation
- Small business/stand-alone isolation
- Enterprise isolation using Active Directory integration