Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation - PowerPoint PPT Presentation

lotus
slide1 l.
Skip this Video
Loading SlideShow in 5 Seconds..
Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation PowerPoint Presentation
Download Presentation
Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation

play fullscreen
1 / 30
Download Presentation
Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation
479 Views
Download Presentation

Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Microsoft Internet Information Services 6.0 OverviewBill Staples and Jerry Bryant IIS TeamMicrosoft Corporation

  2. Agenda • Making the Web infrastructure better • Securing applications • Making applications more reliable • Faster and more scalable • Improving manageability • Resources • Q&A

  3. Making the Web Application Infrastructure Better • New process model • Application pools • Recycling • Health detection Reliable • Web gardens • More applications per machine • Demand start and idle timeout • Kernel cache for storing responses Scalable • Locked down by default • Constrained, delegated authentication • Configurable worker process ID Secure • XML metabase • WMI provider • Supported command-line tools Manageable

  4. W3wp.exe W3wp.exe W3wp.exe web app web app web app Web App Http.sys Kernel Making Applications More Reliable A New Architecture for IIS 6.0 • Goal: Enable complete app isolation from other Web apps and core Web server • Web service in INETINFO split out to do this: • Http.sys: Kernel mode listener and request router • WAS: Config and process manager • W3wp.exe: Where Web apps are processed • Multiple W3wp.exe files WAS

  5. Web Garden Application Pool 1 Application Pool 2 INETINFO WAS W3wp.exe W3wp.exe W3wp.exe W3wp.exe W3wp.exe W3wp.exe DLLHOST.exe ASP.NET ISAPI ASP.NET ISAPI ASP.NET ISAPI ASP.NET ISAPI ISAPI Extensions (ASP, etc.) ISAPI Extensions (ASP, etc.) ISAPI Extensions (ASP, etc.) metabase CLR App Domain CLR App Domain CLR App Domain CLR App Domain Config Mgr Process Mgr CLR App Domain CLR App Domain CLR App Domain CLR App Domain ISAPI Filters ISAPI Filters ISAPI Filters Http.sys IIS 6.0 ArchitectureThe transition from IIS5 to IIS6 INETINFO Aspnet_wp.exe metabase ASP.NET ISAPI CLR App Domain CLR App Domain CLR App Domain TCP/IP

  6. Making Applications More ReliableApplication Pools • Can create one or more application pools • Each served by one or more W3wp.exe files • Each W3wp.exe serves only one pool • Reqs routed directly to pool by Http.sys • Isolate apps based on • Site and customer • Functionality • Reliability

  7. Application Pool W3wp.exe ASP.NET App Domain App Domain App Domain App Domain App Domain App Domain App Domain App Domain Making Applications More Reliable .NET Application Domains vs. Application Pools • Application domains • Lightweight CLR unit of isolation • One app domain per IIS application • Combine with W3wp.exe files to achieve high scalability and isolation • ASP.NET manages app domains independently • Recycled within a single process • Can have private components, session variables , etc. App pool App pool WAS W3wp.exe W3wp.exe ASP.NET ASP.NET Http.sys

  8. Making Applications More Reliable Periodic Process Recycling • What is it? • Periodically restart applications based on • Uptime • # of requests • Scheduled time • Memory consumption • On demand • Why use it? • Refresh apps to ensure availability • Prevent bad apps from taking over the system

  9. Making Applications More ReliableWeb Farm Session State • Session state can be stored in an external process • ASPState Service • Microsoft® SQL Server™ 2000 • Big reliability wins • Session state survives crashes/restarts • Enables Web farm deployment • Session state can now be shared across a Web farm of ASP.NET servers • Applications no longer tied to one computer • Design your apps to be recycled!

  10. Increasing Application Scale & PerformanceCaching Responses in Http.sys • E-commerce benchmark from Doculabs. Measures the overall performance of some scenarios that are commonly used by e-commerce sites. • Log on, browse items, search, shopping cart operations, check out. • Static file caching, database operations, session state management. 1P: 49% 4P: 120% 8P: 170% Reqs/sec 4P: 3.3x 8P: 5.0x

  11. Increasing Application Scale & PerformanceCaching Responses in Http.sys (2) • Cached responses served straight from Http.sys • Much faster when served from kernel – no user-mode transition • Your apps will not see requests if served from cache • Invalidation API callback • Also leverage “Expires” header to automatically set “staleness” timeout for cached responses

  12. With Cache Request Response Request Response GET http:www.wideworldimporters.com/store/sproketcatalog.aspx Dynamic Kernel Caching Without Cache

  13. Worker process Worker process Worker process Worker process ISAPI Extension ISAPI Extension ISAPI Extension ASP.NET ISAPI filter ISAPI filter ISAPI filter ISAPI filter Increasing .NET Scale & PerformanceIIS 6.0 Web Gardens and Processor Affinity • Web gardens • Application pool with more than one worker process • Connection-based routing within garden • Create processor affinity • Bind application pool processes to one or more CPUs • Mask-based configuration Web garden application pool WAS Http.sys

  14. Increasing .NET Scale & PerformanceIdle Timeout and Demand Start • Idle timeout • Timeout and shutdown idle processes if process is idle for given period of time. • Frees resources for active applications. • Apps still available even if worker process idles out and is shut down! • Demand start • Only start worker process if there is demand for the application pool. • Application considerations • Use idle timeout to free up resources for other heavy-use applications. • Consider disabling idle timeout if starting an application takes a long time.

  15. Increasing .NET Scale & PerformanceSSL Enhancements • SSL StreamFilter can be hosted in Lsass.exe process (can give up to 25% throughput gains in SSL loads) • Reduction of cross-process marshaling and context switching for SSL interactions • Not hosted by default, because it could force service packs to require reboots • No application change – just configure through registry switch • Progressive SSL thread pool • Load-aware and adjusts parallelism depending on load • Significant performance work on MP machines • Increases up to two times for some workloads on eight-processor machines

  16. Increasing .NET Scale & PerformanceSites and Applications per Computer • Targeting tens of thousands of sites per computer (single- and dual-processor) • Re-designed start-up and shut-down routines for lazy site initialization • Centralized, binary logging • Option to have one central log file per computer rather than tens of thousands when doing dense hosting • Ability to isolate is a factor of available memory

  17. Increasing .NET Scale & PerformanceAttributes of Scalable Web Applications • Stateless • Application code and components can be restarted cheaply; session state is managed externally in some sort of state store • Low initialization costs • Applications should avoid doing heavy processing at startup or assume that they will run for a long time

  18. Increasing .NET Scale & PerformanceAttributes of Scalable Web Applications (2) • Can have multiple instances • All the components and classes of an application should be able to have multiple instances in separate processes without namespace or locking issues • Expect administrator-imposed limits • Your application is likely to have • CPU limits • Memory limits • Processor affinity imposed

  19. Increasing .NET Scale & PerformanceExtensions to Core ISAPI Interface • ISAPI Programming Interface (performance and scalability) • VectorSend() – allows the specification of discontiguous buffers and file handles in one send call to a client • VectorSend() – advantages • Less formatting and copying of responses (reduces need to allocate or copy memory) • Potentially fewer sends to the client (removes network latency for getting a response to its destination)

  20. Increasing .NET Scale & PerformanceExtensions to Core ISAPI Interface(2) • ISAPI Programming Interface (performance and scalability) (continued) • FinalSend flag – tells IIS that this send is the final send for the response • Fast Path for sending data • Reduces kernel and user transitions • Dynamic caching – cache the data response from a dynamic request to later serve from the kernel • Allows ASP.NET output cache and anything built on ISAPI to cache dynamic responses • Can cache more than 2 GB of responses for an application on an IA-32 platform

  21. Securing ApplicationsLocked Down by Default • IIS not installed on a clean install, by default, and is disabled on upgrades • IIS serves static files by default • 404 errors for disabled application extensions • ASP.NET, FPSE, and FTP not installed by default • ASP.NET enabled when installed • Only known extensions served • Unknown = 404.3

  22. Securing ApplicationsLocked Down by Default (2) • New Security console used to enable application extensions • Individual ISAPI extensions and CGIs • Enable FrontPage® Server Extensions and ASP.NET to publish by using Visual Studio® .NET for intranet or Dev server • Or just enable ASP.NET to allow ASP.NET apps to be served

  23. Securing Your .NET ApplicationsLocked Down by Default, Part 2 • Code security • Buffer overflow checks • Automated in Windows® build environment • Visual C++® compiler supported (/GS) • Secure defaults • Timeouts and limits • No samples, vdirs, “adminscripts” • Penetration test assessment • Internal • External

  24. Securing Your .NET ApplicationsConfigurable Worker Process Identity • Worker process can be started as: • Network Service (default) • Local System • Local Service • Configured ID • IIS_WPG • New user group • IIS resources ACLed to this group

  25. Securing Your .NET ApplicationsRecommendations • Only unlock what is needed to run your ASP.NET applications • Lock down (disable) any other ISAPI extensions that are not required, like ASP • Run worker processes as Network Service or another low-privileged account

  26. Metabase.xml MBSchema.xml Making .NET Apps More ManageableMetabase Improvements • XML metabase • Now stored in XML • Auto-versioning is like an automatic backup • Edit while running • Allows you to make changes directly to the Metabase.xml file while IIS is running • Any editor can be used (Notepad .NET or PERL or other text editor) UI ADSI Admin Base Objects

  27. UI ADSI Admin Base Objects Metabase.xml MBSchema.xml Making .NET Apps More ManageableMetabase Improvements – Import and Export • Export and import metabase config to and from XML • Options include: • Export and import inherited properties • Export/Import node only (or entire subtree) • Password encrypt exported file • Use in conjunction with ASP.NET XCOPY deployment of apps • Export IIS 6.0 metabase config for ASP.NET application and store in application directory • Import app metabase config file after XCOPY

  28. Making .NET Applications More ManageableWMI Provider and New Command-Line Tools • IIS WMI provider • Query support • Associations • Scriptable • New command-line tools • Task-based approach • Supported tools are in %windir%\system32 • Based on WMI provider • Example: use Iiscnfg.vbs as part of .NET application migration strategy between two IIS 6.0 computers Command- Line Tools UI WMI ADSI Admin Base Objects Metabase.xml MBSchema.xml

  29. Summary • We are just making it better on IIS 6.0 by making .NET applications more • Secure • Reliable • Scalable • Manageable

  30. Thank you for joining us for today’s Microsoft Support WebCast. For information about all upcoming Support WebCasts and access to the archived content (streaming media files, PowerPoint® slides, and transcripts), visit: http://support.microsoft.com/webcasts/ We sincerely appreciate your feedback. Please send any comments or suggestions about the Support WebCasts to supweb@microsoft.com.