Internet Information Server 6.0

PowerPoint Slideshow about 'Internet Information Server 6.0' - jada


Presentation Transcript
IIS 6.0 Enhancements
  • Fundamental changes, aimed at:
    • Reliability & Availability
    • Performance
    • Manageability
    • Security
Review of IIS 5 Architecture

[Diagram: INETINFO.EXE (ISAPI Filters and Extensions, Metabase); DLLHost.EXE processes (ISAPI Extensions); WinSock 2.0; user/kernel boundary; TCP/IP]

IIS 6 Architecture

[Diagram: Worker Process (W3 Core, web app); Web Admin Service; user/kernel boundary; HTTP.SYS]
HTTP.SYS
  • What is it?
    • Kernel-mode HTTP stack/listener
    • Always running
  • What does it do?
    • HTTP Listener and Parser
    • Process routing based on URL namespace
    • Request queues: kernel-mode queuing
    • Response cache for static requests
Web Admin Service - WAS
  • What is it?
    • Configuration, Application and Process Manager
  • What does it do?
    • Configures HTTP.SYS for listening and routing
    • Periodic Recycling
      • Time, Hit, Memory, Schedule-based, and on-demand
    • Health Monitoring
      • Pinging, Crash detection
      • Rapid fail protection
    • Better debugging support
      • Orphan Web Processing Core Host Processes
Web Processing Core: W3WP.exe
  • What is it?
    • Main web processing core responsible for handling web requests
  • Self-contained web server
    • Contains all web request processing functionality
    • Loads ISAPIs (filters and extensions)
      • ASP, ASP.NET, FrontPage® Server Extensions
  • Delivers complete isolation from system components and other web apps
IIS 6.0 Availability: Applications

Isolating Applications From Each Other

  • Applications grouped into Application Pools
    • Applications defined by URL namespace
    • One or many applications per Application Pool
    • Configure Processing features by Application Pool
    • One or many Worker Processes per Application Pool
    • Service Level Support
      • CPU accounting
      • Bandwidth throttling
IIS 6 Architecture: Managing worker processes

[Diagram: five Worker Processes, each with W3 Core and Web app; Web Admin Service ("Recycle time!"); user/kernel boundary; HTTP.SYS]
Recycling
  • Recycle periodically to ensure reliability
  • Recycle based on:
    • Uptime
    • # of requests
    • Schedule
    • Virtual memory consumption
    • On-Demand
Application Pool Performance
  • Goal = Support 2000 pools concurrently.
    • IIS5 Isolated OOP total was 80.
  • Scaling Features of Pools
    • Idle Timeout
    • CPU Accounting
    • Demand Start
Web Gardens
  • Multiple Processes serving an application pool
    • Reliability and fault-tolerance
      • Allows another already initialized worker process to take over the current load
    • Can affinitize worker processes to a set of processors
    • Some throughput gains for applications that rely on process global resources
App Pool Health & Debugging Features
  • Worker process health monitoring/gating
    • Process pinging
    • Startup/Shutdown limits
    • Kernel Mode Request Queuing
  • Rapid Fail Protection
  • “Orphan” worker processes in failure
Configurable Worker Process ID
  • Worker process can be started as:
    • Network Service (default)
    • Local System
    • Local Service
    • Configured ID
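
An added example, not part of the original slides: a small audit that reads application pool entries from an XML metabase export and reports which identity each worker process runs as, flagging Local System. The sample fragment, its namespace, the pool names and the account name are constructed; `AppPoolIdentityType` (0 to 3) and `WAMUserName` are the IIS 6.0 metabase properties for this setting.

```python
import xml.etree.ElementTree as ET

# AppPoolIdentityType values in the IIS 6.0 metabase
IDENTITY_TYPES = {0: "Local System", 1: "Local Service",
                  2: "Network Service", 3: "Configured ID"}

# Constructed, simplified fragment; a real metabase.xml has many more attributes.
SAMPLE_METABASE = """<configuration xmlns="urn:example:constructed-namespace">
  <MBProperty>
    <IIsApplicationPools Location="/LM/W3SVC/AppPools" AppPoolIdentityType="2"/>
    <IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool"/>
    <IIsApplicationPool Location="/LM/W3SVC/AppPools/LegacyPool"
                        AppPoolIdentityType="0"/>
    <IIsApplicationPool Location="/LM/W3SVC/AppPools/PayrollPool"
                        AppPoolIdentityType="3" WAMUserName="EXAMPLE\\svc-payroll"/>
  </MBProperty>
</configuration>"""


def _local_name(tag):
    """Strip any '{namespace}' prefix ElementTree puts on a tag."""
    return tag.rsplit("}", 1)[-1]


def audit_pool_identities(xml_text):
    """Return one finding per application pool, resolving inherited values."""
    root = ET.fromstring(xml_text)
    inherited = 2  # Network Service is the default identity
    pools = []
    for el in root.iter():
        name = _local_name(el.tag)
        if name == "IIsApplicationPools" and "AppPoolIdentityType" in el.attrib:
            inherited = int(el.attrib["AppPoolIdentityType"])  # parent-level value
        elif name == "IIsApplicationPool":
            pools.append(el)
    findings = []
    for el in pools:
        ident = int(el.get("AppPoolIdentityType", inherited))
        label = IDENTITY_TYPES.get(ident, "unknown (%d)" % ident)
        findings.append({
            "pool": el.get("Location", "").rsplit("/", 1)[-1],
            "identity": label,
            "account": el.get("WAMUserName", "") if ident == 3 else label,
            "high_privilege": ident == 0,  # Local System: full rights on the host
        })
    return findings


if __name__ == "__main__":
    for f in audit_pool_identities(SAMPLE_METABASE):
        flag = "REVIEW" if f["high_privilege"] else "ok"
        print("%-16s %-16s %-22s %s" % (f["pool"], f["identity"], f["account"], flag))
```
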
IIS 6.0 Performance

Designed for high throughput

  • Kernel mode cache for static, unauthenticated content
    • No transition to user mode for cache hits
  • User-mode worker processes
    • No user mode to user mode process hop
    • Talk directly to HTTP.SYS to get requests
    • Ability to affinitize worker processes to CPUs
  • Support for 64-Bit
IIS 6.0 Scalability

Scale up, out and in

  • SSL up to 900% faster
  • ISAPI up to 800% faster
  • CGI up to 100% faster
  • Support 20,000 sites and more per system
    • Improved Startup/Shutdown times (<2min)
    • Improved Scalability of Application Isolation (2000 Isolated Application Pools)
  • Improved Processor Scalability
    • 3x on a 4-processor box, 5x on an 8-way
Management Enhancements
  • XML Metabase
  • WMI Provider
  • Command-Line Interface
  • New Web-based Administration Console
IIS Commands
  • Create web and FTP Sites

c:\>iisweb /create c:\webroot "My Site" /i 169.254.36.174

  • Create web and FTP V-Dirs
  • Backup/Restore
  • Export/Import Configuration
      • c:\>iiscnfg /import /f MySiteConfig.xml /sp /lm/w3svc/1 /dp /lm/w3svc/4
IIS 5.0 Security Issues
  • Code Red, Nimda, etc., etc.
  • Weaknesses
    • Windows 2000 Installed As An Application Server – Huge attack surface
    • Soft Defaults
    • High Privilege Accounts
    • No automated way to install patches
      • Result: Fixes out for months but not uniformly applied
      • Many companies survived Code Red & Nimda
  • IIS Lockdown Wizard & URLSCAN for IIS 4/5
  • Improved Patch Management
IIS 6.0 Security: Secure Out of the Box
  • Change in approach:
    • Clean up code, improved tools for defect detection
    • Secure defaults, minimize attack surface (static files only by default)
    • Customer ‘enables’ server features after setup
    • An infrastructure that by default installs security hot fixes (customer opts out, not in)
  • Educate the Customer
IIS 6.0 Security: Reduced Attack Surface
  • IIS is not installed by default
    • As well as 20+ other services
  • Server Lockdown: Serve HTM files only
    • Only Web service gets installed
    • IsapiRestrictionList
    • CGIRestrictionList
    • Template-based feature activation
  • Web service disabled on upgrade for benefit of non-IIS users
  • Prevent IIS6 install with group policy
Web Server Security Enhancements
  • URLscan implemented by default
  • Clean code
  • Architectural changes
    • Process isolation
    • Configurable identity
    • Application pool management
  • General OS hardening
  • New tools
    • AutoUpdate, SUS, Qchain, MBSA