slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation PowerPoint Presentation
Download Presentation
Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation

Loading in 2 Seconds...

play fullscreen
1 / 30

Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation - PowerPoint PPT Presentation


  • 467 Views
  • Uploaded on

Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation Agenda Making the Web infrastructure better Securing applications Making applications more reliable Faster and more scalable Improving manageability Resources Q&A

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Microsoft Internet Information Services 6.0 Overview Bill Staples and Jerry Bryant IIS Team Microsoft Corporation' - lotus


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Microsoft Internet Information Services 6.0 OverviewBill Staples and Jerry Bryant IIS TeamMicrosoft Corporation

agenda
Agenda
  • Making the Web infrastructure better
    • Securing applications
    • Making applications more reliable
    • Faster and more scalable
    • Improving manageability
  • Resources
  • Q&A
making the web application infrastructure better
Making the Web Application Infrastructure Better
  • New process model
  • Application pools
  • Recycling
  • Health detection

Reliable

  • Web gardens
  • More applications per machine
  • Demand start and idle timeout
  • Kernel cache for storing responses

Scalable

  • Locked down by default
  • Constrained, delegated authentication
  • Configurable worker process ID

Secure

  • XML metabase
  • WMI provider
  • Supported command-line tools

Manageable

making applications more reliable a new architecture for iis 6 0

W3wp.exe

W3wp.exe

W3wp.exe

web app

web app

web app

Web App

Http.sys

Kernel

Making Applications More Reliable A New Architecture for IIS 6.0
  • Goal: Enable complete app isolation from other Web apps and core Web server
  • Web service in INETINFO split out to do this:
    • Http.sys: Kernel mode listener and request router
    • WAS: Config and process manager
    • W3wp.exe: Where Web apps are processed
  • Multiple W3wp.exe files

WAS

iis 6 0 architecture the transition from iis5 to iis6

Web Garden

Application Pool 1

Application Pool 2

INETINFO

WAS

W3wp.exe

W3wp.exe

W3wp.exe

W3wp.exe

W3wp.exe

W3wp.exe

DLLHOST.exe

ASP.NET ISAPI

ASP.NET ISAPI

ASP.NET ISAPI

ASP.NET ISAPI

ISAPI

Extensions

(ASP, etc.)

ISAPI

Extensions

(ASP, etc.)

ISAPI

Extensions

(ASP, etc.)

metabase

CLR App Domain

CLR App Domain

CLR App Domain

CLR App Domain

Config Mgr

Process Mgr

CLR App Domain

CLR App Domain

CLR App Domain

CLR App Domain

ISAPI Filters

ISAPI Filters

ISAPI Filters

Http.sys

IIS 6.0 ArchitectureThe transition from IIS5 to IIS6

INETINFO

Aspnet_wp.exe

metabase

ASP.NET

ISAPI

CLR App Domain

CLR App Domain

CLR App Domain

TCP/IP

making applications more reliable application pools
Making Applications More ReliableApplication Pools
  • Can create one or more application pools
    • Each served by one or more W3wp.exe files
    • Each W3wp.exe serves only one pool
    • Reqs routed directly to pool by Http.sys
  • Isolate apps based on
    • Site and customer
    • Functionality
    • Reliability
making applications more reliable net application domains vs application pools

Application Pool

W3wp.exe

ASP.NET

App

Domain

App

Domain

App

Domain

App

Domain

App

Domain

App

Domain

App

Domain

App

Domain

Making Applications More Reliable .NET Application Domains vs. Application Pools
  • Application domains
    • Lightweight CLR unit of isolation
    • One app domain per IIS application
    • Combine with W3wp.exe files to achieve high scalability and isolation
    • ASP.NET manages app domains independently
      • Recycled within a single process
      • Can have private components, session variables , etc.

App pool

App pool

WAS

W3wp.exe

W3wp.exe

ASP.NET

ASP.NET

Http.sys

making applications more reliable periodic process recycling
Making Applications More Reliable Periodic Process Recycling
  • What is it?
    • Periodically restart applications based on
      • Uptime
      • # of requests
      • Scheduled time
      • Memory consumption
      • On demand
  • Why use it?
    • Refresh apps to ensure availability
    • Prevent bad apps from taking over the system
making applications more reliable web farm session state
Making Applications More ReliableWeb Farm Session State
  • Session state can be stored in an external process
    • ASPState Service
    • Microsoft® SQL Server™ 2000
  • Big reliability wins
    • Session state survives crashes/restarts
  • Enables Web farm deployment
    • Session state can now be shared across a Web farm of ASP.NET servers
    • Applications no longer tied to one computer
  • Design your apps to be recycled!
increasing application scale performance caching responses in http sys
Increasing Application Scale & PerformanceCaching Responses in Http.sys
  • E-commerce benchmark from Doculabs. Measures the overall performance of some scenarios that are commonly used by e-commerce sites.
    • Log on, browse items, search, shopping cart operations, check out.
    • Static file caching, database operations, session state management.

1P: 49%

4P: 120%

8P: 170%

Reqs/sec

4P: 3.3x

8P: 5.0x

increasing application scale performance caching responses in http sys 2
Increasing Application Scale & PerformanceCaching Responses in Http.sys (2)
  • Cached responses served straight from Http.sys
    • Much faster when served from kernel – no user-mode transition
    • Your apps will not see requests if served from cache
  • Invalidation API callback
  • Also leverage “Expires” header to automatically set “staleness” timeout for cached responses
dynamic kernel caching

With

Cache

Request

Response

Request

Response

GET http:www.wideworldimporters.com/store/sproketcatalog.aspx

Dynamic Kernel Caching

Without

Cache

increasing net scale performance iis 6 0 web gardens and processor affinity

Worker

process

Worker

process

Worker

process

Worker

process

ISAPI

Extension

ISAPI

Extension

ISAPI

Extension

ASP.NET

ISAPI filter

ISAPI filter

ISAPI filter

ISAPI filter

Increasing .NET Scale & PerformanceIIS 6.0 Web Gardens and Processor Affinity
  • Web gardens
    • Application pool with more than one worker process
    • Connection-based routing within garden
  • Create processor affinity
    • Bind application pool processes to one or more CPUs
    • Mask-based configuration

Web garden application pool

WAS

Http.sys

increasing net scale performance idle timeout and demand start
Increasing .NET Scale & PerformanceIdle Timeout and Demand Start
  • Idle timeout
    • Timeout and shutdown idle processes if process is idle for given period of time.
    • Frees resources for active applications.
    • Apps still available even if worker process idles out and is shut down!
  • Demand start
    • Only start worker process if there is demand for the application pool.
  • Application considerations
    • Use idle timeout to free up resources for other heavy-use applications.
    • Consider disabling idle timeout if starting an application takes a long time.
increasing net scale performance ssl enhancements
Increasing .NET Scale & PerformanceSSL Enhancements
  • SSL StreamFilter can be hosted in Lsass.exe process (can give up to 25% throughput gains in SSL loads)
    • Reduction of cross-process marshaling and context switching for SSL interactions
    • Not hosted by default, because it could force service packs to require reboots
    • No application change – just configure through registry switch
  • Progressive SSL thread pool
    • Load-aware and adjusts parallelism depending on load
  • Significant performance work on MP machines
    • Increases up to two times for some workloads on eight-processor machines
increasing net scale performance sites and applications per computer
Increasing .NET Scale & PerformanceSites and Applications per Computer
  • Targeting tens of thousands of sites per computer (single- and dual-processor)
  • Re-designed start-up and shut-down routines for lazy site initialization
  • Centralized, binary logging
    • Option to have one central log file per computer rather than tens of thousands when doing dense hosting
  • Ability to isolate is a factor of available memory
increasing net scale performance attributes of scalable web applications
Increasing .NET Scale & PerformanceAttributes of Scalable Web Applications
  • Stateless
    • Application code and components can be restarted cheaply; session state is managed externally in some sort of state store
  • Low initialization costs
    • Applications should avoid doing heavy processing at startup or assume that they will run for a long time
increasing net scale performance attributes of scalable web applications 2
Increasing .NET Scale & PerformanceAttributes of Scalable Web Applications (2)
  • Can have multiple instances
    • All the components and classes of an application should be able to have multiple instances in separate processes without namespace or locking issues
  • Expect administrator-imposed limits
    • Your application is likely to have
      • CPU limits
      • Memory limits
      • Processor affinity imposed
increasing net scale performance extensions to core isapi interface
Increasing .NET Scale & PerformanceExtensions to Core ISAPI Interface
  • ISAPI Programming Interface (performance and scalability)
    • VectorSend() – allows the specification of discontiguous buffers and file handles in one send call to a client
    • VectorSend() – advantages
      • Less formatting and copying of responses (reduces need to allocate or copy memory)
      • Potentially fewer sends to the client (removes network latency for getting a response to its destination)
increasing net scale performance extensions to core isapi interface 2
Increasing .NET Scale & PerformanceExtensions to Core ISAPI Interface(2)
  • ISAPI Programming Interface (performance and scalability) (continued)
    • FinalSend flag – tells IIS that this send is the final send for the response
      • Fast Path for sending data
      • Reduces kernel and user transitions
    • Dynamic caching – cache the data response from a dynamic request to later serve from the kernel
      • Allows ASP.NET output cache and anything built on ISAPI to cache dynamic responses
      • Can cache more than 2 GB of responses for an application on an IA-32 platform
securing applications locked down by default
Securing ApplicationsLocked Down by Default
  • IIS not installed on a clean install, by default, and is disabled on upgrades
  • IIS serves static files by default
    • 404 errors for disabled application extensions
    • ASP.NET, FPSE, and FTP not installed by default
    • ASP.NET enabled when installed
  • Only known extensions served
    • Unknown = 404.3
securing applications locked down by default 2
Securing ApplicationsLocked Down by Default (2)
  • New Security console used to enable application extensions
    • Individual ISAPI extensions and CGIs
    • Enable FrontPage® Server Extensions and ASP.NET to publish by using Visual Studio® .NET for intranet or Dev server
    • Or just enable ASP.NET to allow ASP.NET apps to be served
securing your net applications locked down by default part 2
Securing Your .NET ApplicationsLocked Down by Default, Part 2
  • Code security
    • Buffer overflow checks
      • Automated in Windows® build environment
      • Visual C++® compiler supported (/GS)
  • Secure defaults
    • Timeouts and limits
    • No samples, vdirs, “adminscripts”
  • Penetration test assessment
    • Internal
    • External
securing your net applications configurable worker process identity
Securing Your .NET ApplicationsConfigurable Worker Process Identity
  • Worker process can be started as:
    • Network Service (default)
    • Local System
    • Local Service
    • Configured ID
  • IIS_WPG
    • New user group
    • IIS resources ACLed to this group
securing your net applications recommendations
Securing Your .NET ApplicationsRecommendations
  • Only unlock what is needed to run your ASP.NET applications
  • Lock down (disable) any other ISAPI extensions that are not required, like ASP
  • Run worker processes as Network Service or another low-privileged account
making net apps more manageable metabase improvements

Metabase.xml

MBSchema.xml

Making .NET Apps More ManageableMetabase Improvements
  • XML metabase
    • Now stored in XML
    • Auto-versioning is like an automatic backup
  • Edit while running
    • Allows you to make changes directly to the Metabase.xml file while IIS is running
    • Any editor can be used (Notepad .NET or PERL or other text editor)

UI

ADSI

Admin Base Objects

making net apps more manageable metabase improvements import and export

UI

ADSI

Admin Base Objects

Metabase.xml

MBSchema.xml

Making .NET Apps More ManageableMetabase Improvements – Import and Export
  • Export and import metabase config to and from XML
  • Options include:
    • Export and import inherited properties
    • Export/Import node only (or entire subtree)
    • Password encrypt exported file
  • Use in conjunction with ASP.NET XCOPY deployment of apps
    • Export IIS 6.0 metabase config for ASP.NET application and store in application directory
    • Import app metabase config file after XCOPY
making net applications more manageable wmi provider and new command line tools
Making .NET Applications More ManageableWMI Provider and New Command-Line Tools
  • IIS WMI provider
    • Query support
    • Associations
    • Scriptable
  • New command-line tools
    • Task-based approach
    • Supported tools are in %windir%\system32
    • Based on WMI provider
    • Example: use Iiscnfg.vbs as part of .NET application migration strategy between two IIS 6.0 computers

Command- Line Tools

UI

WMI

ADSI

Admin Base Objects

Metabase.xml

MBSchema.xml

summary
Summary
  • We are just making it better on IIS 6.0 by making .NET applications more
    • Secure
    • Reliable
    • Scalable
    • Manageable
slide30
Thank you for joining us for today’s Microsoft Support

WebCast.

For information about all upcoming Support WebCasts

and access to the archived content (streaming media

files, PowerPoint® slides, and transcripts), visit:

http://support.microsoft.com/webcasts/

We sincerely appreciate your feedback. Please send any

comments or suggestions about the Support

WebCasts to supweb@microsoft.com.