accelerate it!€¦ · .NET integration Forms + .NET role membership providers Application Pool Isolation by default. Ultimate low footprint web server Lower memory requirement Lean

{ accelerate it! }

Jorke OdolphiWeb Platform Architect EvangelistMicrosoft Australia

IIS yesterday and today

PHP and FastCGI

Configuration

Security

Management

Performance

Send Response

Log Compress

NTLM Basic

Determine

Handler

CGI

Static File

Authentication

Anon

Monolithic implementation

Install all or nothing

Extend server functionality

only through ISAPI

ASP.NET

PHPISAPI

Send Response

Log Compress

NTLM Basic

Determine

Handler

CGI

Static File

ISAPI

Authentication

Anon

SendResponse

Authentication

Authorization

ResolveCache

ExecuteHandler

UpdateCache

Server functionality is

split into ~ 40

modules...Modules plug into a generic

Modules extend server functionality through a public module API

• Runtime limitations

• Only sees ASP.NET requests

• Feature duplication

Send Response

Log Compress

NTLM Basic

Determine

Handler

CGI

Static File

ISAPI

Authentication

Anon

Authentication

Forms Windows

Map Handler

ASPX

Trace

aspnet_isapi.dll

Classic Mode• runs as ISAPI

Integrated Mode• .NET modules / handlers

plug directly into pipeline

• Process all requests

• Full runtime fidelity

Log

Compress

Basic

Static File

ISAPI

Anon

SendResponse

Authentication

Authorization

ResolveCache

ExecuteHandler

UpdateCache

Authentication

Forms Windows

Map Handler

ASPX

Trace

aspnet_isapi.dll

Collaboration with Zend

Develop and deploy on the same platform

Built in support for FastCGI

Reuse of CGI processes, PHP, PERL, Ruby

much faster than standard CGI

Integrated Fast CGI Module part of IIS 7.0

NET

global settings

.NET Framework

Global web.configmachine.config

IIS 7applicationHost.config

Site Root web.config

<system.web>

.NET settings

..

<system.webServer>

IIS 7 Delegated settings

ASP.NET

global settings

Global settings

and location tags

{configuring Windows 2008 for web workloads }

appcmd set config

/section:system.webServer/fastCGI

/+[fullpath='c:\php\php-cgi.exe']

appcmd set config /section:handlers

/+[name='PHP5',path='*.php',verb='GET,HEAD,PO

ST',modules='FastCgiModule',scriptProcessor='

c:\php\php-cgi.exe',resourceType='File']

Secure by default

Modular thus smaller attack surface

.NET integration

Forms + .NET role membership providers

Application Pool Isolation by default

Ultimate low footprint web server Lower memory requirement

Lean OS configuration

Minimize attack and maintenance surface

architecture

Powerful IIS command-line management interface

AppCmd scripts and batch files

IIS 7 integrates URLScan style rules

config

Rules stored in web.config for portability

User access to sites, folders, or files without using NTFS

URL auth inspired by ASP.NET URL authorization, but designed for admins

Rules are stored in .config files for portability

All applications can use due to integrated pipeline

Each pool with unique identity

Anon user assumes pool identity

Application Pool SandboxConfiguration Isolation: secure config for pool

SID Injection: unique SID for each pool

Easier configuration and management

App pool ID auto joins IIS_USR (was IIS_WPG)

Worker Process

(W3WP.EXE)Service Host (SVCHost.EXE)

Windows

Process

Activation

Service

(WAS)

World Wide

Web Service

(W3SVC)

applicationhost.config

SID Injection

AppPool: newPool

username:

newPoolUser

password:

<password>

Active Directory

Token

Token

UsersDomain

Users

EveryoneLOGON_

BATCH

HRGroup <others>

IIS_

IUSRS newPoolNewPool\

Wwwroot\

default.htm

ACLAdministrator:F

System:F

SiteOwner:F

newPool:F

OK

Otherpool\

Wwwroot\

default.htm

ACLAdministrator:F

System:F

SiteOwner:F

otherPool:F

Denied

{ server core + forms auth }

APPCMDCommand line

Managed CodeMicrosoft.Web.Administration

WMIIIS Namespace

Powershell with managed API and WMI

View detailed errors in the browser with prescriptive guidance

New APIs expose runtime diagnostic informationE.g. See all currently executing requests

Rapidly troubleshoot faulty applications

Configurable per application or URL

Failed request log chronicles events for trigger

Extensible eventing system

{ management + troubleshooting }

appcmd list requests

appcmd list requests /site.id:1

[system.reflection.assembly]::LoadFrom(“c:\windows\system32\i

netsrv\Microsoft.Web.Administration.dll”)

$rq = new-object Microsoft.Web.Administration.ServerManager

$rq.workerprocesses | foreach-object {$._GetRequests(0)}

Better compression for static and dynamic

Output caching a module

Per URL / query string / request headers

Huge improvements to allow for high density or high availability

Multiple servers sharing the same config

Updates to config occur in one place

No config sync required

Config cached in case of disconnect

Generally for homogeneous farms

installs,modules, certs

{ performance + scaling }

Enable Output Caching for semi-dynamic pages

Low bandwidth Branch Offices?

Enable Dynamic Compression (~ 5% CPU overhead)

Need to run many web apps on a single box?

Run IIS worker processes in Wow64 mode

Room for the OS, scalability for your web apps

-AppPool setting now: Enable32BitAppOnWow64

Thinking about buying new Web Server hardware?

W2K8 scales extremely well on new multi-proc boxes (4 and 8 core)

ASP.NET op caching vs. IIS op caching vs. KM output caching

1000s of requests per second?

-investigate

You * script-mapped all requests to ASP.NET in IIS6? Integrated Pipeline is much faster than an IIS6 * scriptmapsolution

Try together with IIS7 URL Authorization.

PHP applications?PHP on top of FastCGI is much faster than traditional CGI

The majority of your requests go to your Default Document?

Put it on top of the list

Otherwise IIS7 has to check every time

Static default documents will be cached in kernel-mode

Looking for tools to measures web server performance? Try WCAT 6.3 from www.iis.net/downloads

Supports more web application scenarios

Fully featured Web server supporting IIS7,SharePoint and the .NET framework

Windows Media Services 2008

SQL Server allowed for local web applications

Enhanced hardware specification

Up to 4 processors

Up to 32GB RAM on x64 Servers

Streamlined server with small footprint

Only includes Web components and role

Server Core installation for minimal footprint

{ Jorke Odolphi}

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the

U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this

presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft,

and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Common HTTP Web Server Components

DirectoryListingModule

CustomErrorModule

StaticFileModule DefaultDocumentModule

HttpRedirect

Security

BasicAuthModule

DigestAuthModule

WindowsAuthModule

CertificateAuthModule

AnonymousAuthModule

IPSecurityModule

UrlAuthorizationModule

RequestFilteringModule

Health and

Diagnostics

HttpLoggingModule

CustomLoggingModule

RequestMonitorModule

HTTPTracingModule

ODBCLogging

LoggingLibraries

Application

Development

ISAPIModule

ISAPIFilterModule

CGIModule

ServerSideIncludeModule

NetFxExtensibility

ASP

ASP.NET

Performance

HTTPStaticCompression

HTTPDynamicCompression

Management

ManagementConsole

ManagementService

ManagementScripting

Metabase

WMICompatibility

LegacyScripts

LegacySnap-in

FTP Publishing

FTPServer

FTPManagement

Windows Process Activation Service

ConfigurationAPIProcessModel NetFxEnvironment