Bill Staples
Product Unit Manager, IIS
COM014 – A Lap Around IIS7
Microsoft Corporation
internet information services seven
integrated extensible componentized delegated secure compatible supportable
IIS – a colorful past
1996 – V1 & 2 ship for Windows NT 3.5 & 4.0
1997 – V4 part of NT 4 Option Pack
2000 – V5 installed by default in Windows 2000
2001
March 2001, #1 in Internet Site Share
Fall 2001, Code Red and Nimda
2003 – V6 released in Windows Server 2003
IIS 6 Today
Secure by Design
Extensive design & code reviews
Penetration testing
Defense in depth
Secure by Default
IIS no longer installed by default with OS
IIS installs with “locked down” configuration
Runs with minimal permissions, secure configuration
Process architecture designed for app failure
Health detection
Automatic recycling of applications
Zero critical security patches since release
IIS 7 Overview
Core Server
Diagnostics
Compatibility
Security
Demos
Configuration & Admin Tool
The Metabase
Centralized, admin-only configuration store
COM-only interface
Poorly schematized XML format
Built using 1996 era standards
Is Dead!
(global web configuration is now stored in applicationHost.config)
IIS 7 Configuration Enables You To...
Store IIS and ASP.NET settings in web.config
XCopy web settings along with content
Share web settings across multiple servers
Extend configuration with your own schema
… in a clean, well-schematized format
The IIS Snap-in (inetmgr)
Administrator only console
Poorly factored UI (go where for security?)
Difficult to use (one page has that many tabs?)
DCOM remoting
Is Dead!
(the new administration tool is named webmgr)
IIS 7 Admin Tool Enables You To...
Manage IIS and ASP.NET in one place
Manage individual sites and apps w/o machine admin privileges
View health, diagnostics, users, more…
Extend with your own Admin UI
Delegated
configure and deploy w/o admin privileges
For More Information…
COM431: IIS 7 Extensibility (Part 2): Building Configuration and UI Modules
Friday 1pm, Room 404AB
The Core Server & ISAPI
All core IIS features implemented in w3core.dll
ISAPI difficult to master, not very flexible
ISAPI unused by IIS team
Built using 1996 era standards
Is Dead!
(IIS7 is now completely modular, built on public APIs)
IIS 7 Core Server Enables You To...
Build new IIS modules on full-fidelity APIs
Use native (C/C++) or Managed (C#, VB .NET) code
Use existing ASP.NET modules / handlers
Customize IIS footprint – per site or app
IIS7 Core Web Server Modules
Logging and Diagnostics: HttpLoggingModule, CustomLoggingModule, RequestMonitorModule, TracingModule
AuthN/AuthZ: BasicAuthModule, DigestAuthModule, WindowsAuthModule, CertificateAuthModule, AnonymousAuthModule, FormsAuthModule, AccessCheckModule, UrlAuthorizationModule
Extensibility: ManagedEngineModule, ISAPIModule, ISAPIFilterModule, CGIModule, ServerSideIncludeModule
Publishing: DavModule
Core Web Server: StaticFileModule, DefaultDocumentModule, DirectoryListingModule, CustomErrorModule, HttpCacheModule, DynamicCompressionModule, StaticCompressionModule
Http Protocol Support: ValidationRangeModule, TraceVerbModule, OptionsVerbModule, ClientRedirectionModule
Configuration and Metadata Caches: ConfigurationModule, UriCacheModule, SiteCacheModule, FileCacheModule
Componentized
powerful, flexible building blocks for minimal footprint
For More Information…
COM406 IIS7 Extensibility (Part 1): Building New Core Server Modules
Wednesday 11:00am, Room 406AB
COM303 IIS7: Building More Powerful ASP.NET Applications with IIS7
Wednesday 1:45pm, Room 152/153
IIS 7 Diagnostics Enables You To...
View real-time server state information
Control state of Sites, Apps, AppPools, AppDomains
Log detailed trace events across web platform stack
Automatically log event traces on error conditions
Extend trace logging with your own events
Supportable
easy to diagnose and fix problems
For More Information…
COM320 IIS7 Instrumenting, Diagnosing, and Debugging Web Applications
Wednesday 11:30am, Room 515AB
IIS 7 Compatibility Means…
Existing ISAPI filters and extensions just work
Classic ASP applications just work
ASP.NET v1.1 and v2.0 applications just work
ADSI and WMI scripts just work against new IIS config
Compatible
existing applications just work
IIS 7 Security Enables You To...
Reduce attack surface through componentization
Configure / manage sites and apps w/o admin privileges
Easily secure web sites using unified authn/authz model
Filter requests using built-in module
IIS 7 Summary
Distributed and delegated configuration
Tremendous extensibility, flexibility and customization
Rich diagnostics and troubleshooting support
Committed to compatibility
Continues to build on rock solid IIS 6.0 security
IIS7
© 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.