1 / 27

What's New with IIS 8 Performance, Scalability, and Security

WSV332. What's New with IIS 8 Performance, Scalability, and Security. Robert McMurray Program Manager Microsoft Corporation. Session Overview. Session Objectives Learn how IIS 8 make it easier to secure your website and host secure sites

dorinda
Download Presentation

What's New with IIS 8 Performance, Scalability, and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WSV332 What's New with IIS 8Performance, Scalability, and Security Robert McMurray Program Manager Microsoft Corporation

  2. Session Overview • Session Objectives • Learn how IIS 8 make it easier to secure your website and host secure sites • Understand how IIS 8’s sand-boxing features isolate your websites and improve application responses • Discover how IIS 8’s Application Initialization features improve application startup experience • Key Takeaways • IIS 8 makes it easier to prevent unwanted activity through Dynamic IP Restrictions • IIS 8 reduces the attack surface for FTP brute-force/dictionary attacks • CPU Throttling can be used to sand-box websites and prevent performance issues • Application Initialization enhances your end-users’ website startup perceptions

  3. Securing My Web Server

  4. Securing My Web ServerDynamic IP Restrictions • IIS 7:Static IP Restrictions • Requires manually discovering and blocking known IP addresses • Only returns HTTP 403 status • IIS 8:Dynamic IP Restrictions* • Deny access based on concurrency or frequency of HTTP requests • Configurable response behavior • HTTP 401/403/404 status • Abort the request • Proxy-aware IP filtering * Note: A down-level version of Dynamic IP Restrictions has been released for IIS 7.5.

  5. Demo Dynamic IP Restrictions

  6. Securing My Web ServerFTP Logon Attempt Restrictions • IIS 7:FTP Static IP Filtering* • Requires manually discovering and blocking known IP addresses • Subject to brute-force attacks and password lockouts • IIS 8:FTP Logon Attempt Restrictions • Dynamically blocks IP addresses that flood the server with failures • Prevents script-kiddie and brute-force attacks * Note: You should also implement strong password policies and account lockouts.

  7. Demo FTP Logon Attempt Restrictions

  8. Scaling My Web Server

  9. Scaling My Web ServerCPU Throttling (Sand-boxing Applications) • IIS 7:CPU Throttling • Monitors for CPU use that exceeded specific threshold • Allows terminating an IIS worker process • IIS 8:CPU Throttling • Limits CPU usage per tenant: • Throttling CPU usage • Throttling under load • Terminating an IIS worker process

  10. Scaling My Web ServerCPU Throttling: Defining The Problem • You manage a server, and you host multiple tenants • Badly-written applications from some tenants might consume too many resources • Well-written applications from other tenants might be starved for resources

  11. Demo CPU ThrottlingSand-boxing CPU Usage

  12. Changing My Application Startup Experience

  13. Changing My Application Startup ExperienceApplication Initialization Module Application Initialization is built-in for Windows Server 2012 Application Initialization was released as an out-of-band (OOB) project for IIS 7.5

  14. Changing My Application Startup ExperienceApplication Initialization Allows the application decide how it will respond to requests received during the warm-up period Each application can define its own behavior IIS marks requests received during warm-up, and allows the application to change the startup experience

  15. Changing My Application Startup ExperienceApplication Start Mode Feature existed in IIS 7, but is more useful in IIS 8 Allows pre-starting application pools instead of waiting for a first request

  16. Changing My Application Startup ExperienceApplication Preload Allows an application to be initialized when the worker process starts Server administrator decides which applications should be preloaded New process and recycled process behave differently

  17. Demo Application Initialization

  18. Session Summary • In this presentation you… • Learned how IIS 8 makes it easier to secure your website and host secure sites • Understood how to throttle the resources for high CPU usage applications • Discovered how IIS 8’s Application Initialization increases website startup experience • Key Takeaways • IIS 8 makes it easier to prevent unwanted activity through Dynamic IP Restrictions • IIS 8 reduces the attack surface for FTP brute-force/dictionary attacks • CPU Throttling can be used to sand-box websites and prevent performance issues • Application Initialization enhances your users’ website perceptions

  19. Related Content WSV331 - What's New with IIS 8: Open Web Platform for Cloud WSV332 - What's New with IIS 8: Performance, Scalability, and Security DEV349 - Internet Information Services (IIS) Express for Web Developers Find Me Later At… the IIS Booth!

  20. IIS.NET: Home for the IIS Community! In-depth technical articles and samples Connect with other IIS experts through blogs http://learn.iis.net http://blogs.iis.net Free advice and assistance in forums Download center with IIS solutions • http://forums.iis.net http://www.iis.net/download

  21. Q & A Questions? Robert McMurray robmcm@microsoft.com Microsoft Corporation

  22. SIA, WSV, and VIR Track Resources #TE(sessioncode) Talk to our Experts at the TLC Hands-On Labs DOWNLOAD Windows Server 2012 Release Candidate microsoft.com/windowsserver DOWNLOAD Windows Azure Windowsazure.com/ teched

  23. Resources Learning TechNet • Connect. Share. Discuss. • Microsoft Certification & Training Resources http://northamerica.msteched.com www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers • http://microsoft.com/technet http://microsoft.com/msdn

  24. Required Slide Complete an evaluation on CommNet and enter to win!

  25. MS Tag Scan the Tag to evaluate this session now on myTechEd Mobile

  26. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related