Transcript document

Introducing IIS7:
Microsoft’s
Next Generation
Web Server
Improved Security
Modular design results allow:
Reduced installation footprint
Customized, streamlined servers
Application Pools are Sandboxed by default
Easier to manage
Redesigned IIS Manger
Easier to use while allowing more control
Remote administration over https
Delegate authority to configure to non-admins
Your choice of powerful management tools
Increase uptime with
Prescriptive error messages
Built in failed request tracing
Improved web farm support with shared
configuration
Proven Scale
MySpace - 23 Billion Page* Views/Month
Microsoft.com - 10k Req/sec & 300K
Connections
Match.com 30 million page view daily
Proven Security
No critical IIS 6 hotfixes since RTM
as of 4/4/07
Proven Trust
54% of Fortune 1000 use IIS
(port80software.com)
A solid foundation to build on.
Customer Feedback Revealed…
• Site density on shared servers is too low
• Metabase corruption and replication issues
• Too few options for site owner administration
• Site/server failures too difficult to troubleshoot
• Not enough flexibility for customization
• Current support for PHP apps is inadequate
Authentication
NTLM
Basic
Anon
Monolithic implementation
Install all or nothing…
…
CGI
Determine
Handler
Static
File
ASP.NET
ISAPI
…
PHP
Send Response
Log
Compress
Extend server functionality only
through ISAPI…
Authentication
NTLM
Basic
Server functionality is split
into ~ 40 modules...
Anon
Authorization
…
ResolveCacheCGI
…
Determine
Static
File
Handler
ExecuteHandler
ISAPI
…
…
UpdateCache
Send Response
SendResponse
Log
Compress
Modules plug into a
generic request pipeline…
Modules extend server
functionality through a
public module API.
IIS 6
IIS 7
Benefits
Architecture
Monolithic
Modular
Customize,
Extend,
Streamline
Setup
Most Features
Minimal
installed
installation for
(many disabled) designated role
Increased
Security
Extend
Features
ISAPI filters and Add modules
ISAPI
and handlers in
extensions
native or
managed code
Easier to
develop
application and
administration
features
Customize UI
Possible, but
not common.
Much easier for
developers to
provide new
admin features
Extensible,
modular, based
on .NET
IIS7 Default Installation in Longhorn
 Completely redesigned IIS Manager
 Task-oriented
 Context sensitive ‘Actions’ pane
 Tabs are replaced with Icons
 Allows IIS & and ASP.NET configuration
 Icons instead of tabs
 Provides Managed extensibility
 Add new management and IIS features
 Application configuration can integrate into UI
 View health and diagnostics within the UI
 Built in remote administration over https
 Manage 1 or 1000’s of sites
 Use IIS Manager from Longhorn, Vista,
Windows Server 2003 & XP
 No administration website required!
 Secure, firewall-friendly connection
over HTTP/SSL
• Authenticates both Windows and non-
Windows credentials
 Fully customizable
 Supports auto-deployment of new
Administration features from server->client
 Can hide features remote user cannot edit
 Application Pool architecture based on IIS 6
 Familiar settings for recycling, health monitoring, and
process identity are the same
 Two pool types in IIS 7
 Integrated
 Allows use of managed code to provide pipeline
services for all requests
 Example: .NET Forms authentication for Perl
 Integrated is the default for new pools
 Classic
 Works same as IIS 6
 Ensures .NET compatibility
ISAPI-based Implementation
Only sees ASP.NET requests
Feature duplication
Authentication
NTLM
Basic
Anon
…
Determine
Handler
CGI
aspnet_isapi.dll
Static
File
Authentication
ISAPI
Windows
…
ASPX
…
Send Response
Log
Forms
Compress
Map
Handler
Trace
…
…
Basic
Anon
Authentication
Authorization
ResolveCache
…
ExecuteHandler
…
Classic (IIS 6)
Integrated Mode
.NET modules / handlers
plug directly into pipeline
Process all requests
Authentication
Full runtime fidelity
aspnet_isapi.dll
Static
File
Forms
ISAPI
Windows
…
ASPX
UpdateCache
SendResponse
Two App Pool Modes
Map
Handler
Compress
Log
…
Trace
…
 Moved from Metabase.xml (and .bin) to
Applicationhost.config
 File based configuration improves
manageability
 Config can be copied to other servers
 Easier to read
 Facilitates backup, restore and editing
 You now have choices about how to
manage IIS configuration
1.
Centralized Configuration
2.
Delegated Administration
3.
Shared Configuration
Contso.com root
Contoso.com
\ Orders
.NET Framework
Machine.config
NET global settings
Site Root
Web.config
Global web.config
ASP.net
global settings
<system.web>
.NET settings
..
..
IIS 7
Applicationhost.config
Global settings and
location tags
..
<system.webServer>
IIS7 Delegated settings
..
 Delegated Control to Site Owners
 Site Owners control designated settings
without elevated server privileges
 Delegated settings written to Web.config
files
 Site and/or application level
 Shared with ASP.net configuration
 XCopy deploy configuration and content
 Granular control over delegated settings
allows precise locking
 Example:
 Always require Windows Authentication, but let
site owner control Basic.
 All web servers can share a single
application host.config
 Eliminates configuration replication in a
web farm
 All administration tools are redirected to a
common UNC path
 Does not replicate content
 First appearance in Longhorn Beta 3
New sites are assigned to a unique pool
Unique SID is associated with pool
At runtime, a temporary
“applicationpool.config” file is created
Contains only settings for the pool
Unique SID is allowed access
No other pool can read the configuration
Process ID is still Network Service
 View Detailed Errors in the Browser
 New errors provide prescriptive guidance
 Access Runtime State Info in Real-Time
 New APIs expose all runtime diagnostic
information
 Ex. See all currently executing requests
 Rapidly Troubleshoot Faulty Applications
 Define ‘failures’ triggers by error code or time taken
 Configurable per application or URL
 Resulting Failed Request log is chronicle of
events for the “failed” request
 Quickly identify bottlenecks
 Developers can add custom events
APPCMD
General purpose command line tool
Query and control state, change settings,
add sites and vdirs
Managed Code API
Microsoft.Web.Administration
WMI
Improved namespace for IIS7
ADSI compatibility
Powershell
use with Managed API and WMI
C:\> appcmd list sites
SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)
SITE "Site1" (id:2,bindings:http/*:81:,state:Started)
SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)
C:\>
appcmd list requests
REQUEST "fb0000008000000e" (url:GET
/wait.aspx?time=10000,time:4276 msec,client:localhost)
C:\> appcmd list requests /apppool.name:DefaultAppPool
C:\> appcmd list requests /wp.name:3567
C:\> appcmd list requests /site.id:1
Filter results by
application pool,
worker process, or
site
Go Live License available to public
Download Centre – Download IIS 7 Extensions such as new
FTP server
TechCenter to easily find the info you need
Advice and assistance in Forums
Walkthroughs, examples, and code samples
Online labs – test IIS7 in your browser!
Web Server and Service Program
Invitations to Deep Dives
Training Events in Redmond
Virtual Labs
Email Based Support
Access to Builds of Longhorn Server
Case Study opportunities
For more information contact:
[email protected]
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it
should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Deprecated
NNTP
IIS 5 Worker Process Isolation Mode
FPSE (compatible alternative on IIS.net)
Metabase.bin/Metabase.xml
IUSR_<servername> IWAM_ <servername>
and IIS_WPG
POP3
No administration website
Handler and module configuration settings have
moved:
system.web/httpHandlers →
system.webServer\handlers
system.web/httpModules →
system.webServer\modules
Watch for module conflicts in request processing
Setting the “managedHandler” precondition for a
module means “execute only for ASP.NET
requests”