Transcript document
Introducing IIS7: Microsoft’s Next Generation Web Server Improved Security Modular design results allow: Reduced installation footprint Customized, streamlined servers Application Pools are Sandboxed by default Easier to manage Redesigned IIS Manger Easier to use while allowing more control Remote administration over https Delegate authority to configure to non-admins Your choice of powerful management tools Increase uptime with Prescriptive error messages Built in failed request tracing Improved web farm support with shared configuration Proven Scale MySpace - 23 Billion Page* Views/Month Microsoft.com - 10k Req/sec & 300K Connections Match.com 30 million page view daily Proven Security No critical IIS 6 hotfixes since RTM as of 4/4/07 Proven Trust 54% of Fortune 1000 use IIS (port80software.com) A solid foundation to build on. Customer Feedback Revealed… • Site density on shared servers is too low • Metabase corruption and replication issues • Too few options for site owner administration • Site/server failures too difficult to troubleshoot • Not enough flexibility for customization • Current support for PHP apps is inadequate Authentication NTLM Basic Anon Monolithic implementation Install all or nothing… … CGI Determine Handler Static File ASP.NET ISAPI … PHP Send Response Log Compress Extend server functionality only through ISAPI… Authentication NTLM Basic Server functionality is split into ~ 40 modules... Anon Authorization … ResolveCacheCGI … Determine Static File Handler ExecuteHandler ISAPI … … UpdateCache Send Response SendResponse Log Compress Modules plug into a generic request pipeline… Modules extend server functionality through a public module API. IIS 6 IIS 7 Benefits Architecture Monolithic Modular Customize, Extend, Streamline Setup Most Features Minimal installed installation for (many disabled) designated role Increased Security Extend Features ISAPI filters and Add modules ISAPI and handlers in extensions native or managed code Easier to develop application and administration features Customize UI Possible, but not common. Much easier for developers to provide new admin features Extensible, modular, based on .NET IIS7 Default Installation in Longhorn Completely redesigned IIS Manager Task-oriented Context sensitive ‘Actions’ pane Tabs are replaced with Icons Allows IIS & and ASP.NET configuration Icons instead of tabs Provides Managed extensibility Add new management and IIS features Application configuration can integrate into UI View health and diagnostics within the UI Built in remote administration over https Manage 1 or 1000’s of sites Use IIS Manager from Longhorn, Vista, Windows Server 2003 & XP No administration website required! Secure, firewall-friendly connection over HTTP/SSL • Authenticates both Windows and non- Windows credentials Fully customizable Supports auto-deployment of new Administration features from server->client Can hide features remote user cannot edit Application Pool architecture based on IIS 6 Familiar settings for recycling, health monitoring, and process identity are the same Two pool types in IIS 7 Integrated Allows use of managed code to provide pipeline services for all requests Example: .NET Forms authentication for Perl Integrated is the default for new pools Classic Works same as IIS 6 Ensures .NET compatibility ISAPI-based Implementation Only sees ASP.NET requests Feature duplication Authentication NTLM Basic Anon … Determine Handler CGI aspnet_isapi.dll Static File Authentication ISAPI Windows … ASPX … Send Response Log Forms Compress Map Handler Trace … … Basic Anon Authentication Authorization ResolveCache … ExecuteHandler … Classic (IIS 6) Integrated Mode .NET modules / handlers plug directly into pipeline Process all requests Authentication Full runtime fidelity aspnet_isapi.dll Static File Forms ISAPI Windows … ASPX UpdateCache SendResponse Two App Pool Modes Map Handler Compress Log … Trace … Moved from Metabase.xml (and .bin) to Applicationhost.config File based configuration improves manageability Config can be copied to other servers Easier to read Facilitates backup, restore and editing You now have choices about how to manage IIS configuration 1. Centralized Configuration 2. Delegated Administration 3. Shared Configuration Contso.com root Contoso.com \ Orders .NET Framework Machine.config NET global settings Site Root Web.config Global web.config ASP.net global settings <system.web> .NET settings .. .. IIS 7 Applicationhost.config Global settings and location tags .. <system.webServer> IIS7 Delegated settings .. Delegated Control to Site Owners Site Owners control designated settings without elevated server privileges Delegated settings written to Web.config files Site and/or application level Shared with ASP.net configuration XCopy deploy configuration and content Granular control over delegated settings allows precise locking Example: Always require Windows Authentication, but let site owner control Basic. All web servers can share a single application host.config Eliminates configuration replication in a web farm All administration tools are redirected to a common UNC path Does not replicate content First appearance in Longhorn Beta 3 New sites are assigned to a unique pool Unique SID is associated with pool At runtime, a temporary “applicationpool.config” file is created Contains only settings for the pool Unique SID is allowed access No other pool can read the configuration Process ID is still Network Service View Detailed Errors in the Browser New errors provide prescriptive guidance Access Runtime State Info in Real-Time New APIs expose all runtime diagnostic information Ex. See all currently executing requests Rapidly Troubleshoot Faulty Applications Define ‘failures’ triggers by error code or time taken Configurable per application or URL Resulting Failed Request log is chronicle of events for the “failed” request Quickly identify bottlenecks Developers can add custom events APPCMD General purpose command line tool Query and control state, change settings, add sites and vdirs Managed Code API Microsoft.Web.Administration WMI Improved namespace for IIS7 ADSI compatibility Powershell use with Managed API and WMI C:\> appcmd list sites SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started) SITE "Site1" (id:2,bindings:http/*:81:,state:Started) SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped) C:\> appcmd list requests REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost) C:\> appcmd list requests /apppool.name:DefaultAppPool C:\> appcmd list requests /wp.name:3567 C:\> appcmd list requests /site.id:1 Filter results by application pool, worker process, or site Go Live License available to public Download Centre – Download IIS 7 Extensions such as new FTP server TechCenter to easily find the info you need Advice and assistance in Forums Walkthroughs, examples, and code samples Online labs – test IIS7 in your browser! Web Server and Service Program Invitations to Deep Dives Training Events in Redmond Virtual Labs Email Based Support Access to Builds of Longhorn Server Case Study opportunities For more information contact: [email protected] © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Deprecated NNTP IIS 5 Worker Process Isolation Mode FPSE (compatible alternative on IIS.net) Metabase.bin/Metabase.xml IUSR_<servername> IWAM_ <servername> and IIS_WPG POP3 No administration website Handler and module configuration settings have moved: system.web/httpHandlers → system.webServer\handlers system.web/httpModules → system.webServer\modules Watch for module conflicts in request processing Setting the “managedHandler” precondition for a module means “execute only for ASP.NET requests”