Introducing IIS7: Microsoft’s Next Generation Web Server

Proven Scale MySpace - 23 Billion Page* Views/Month Microsoft.com - 10k Req/sec & 300K Connections Match.com 30 million page view daily Proven Security.

Dec 19, 2015

Page 1:

Introducing IIS7: Microsoft’s Next Generation Web Server

Page 2:

IIS 6 Today: A Proven Platform

Proven Scale
• MySpace - 23 Billion Page* Views/Month
• Microsoft.com - 10k Req/sec & 300K Connections
• Match.com 30 million page views daily

Proven Security
• No critical IIS 6 hotfixes since RTM (as of 5/20/07)

Proven Trust
• 54% of Fortune 1000 use IIS (port80software.com)

A solid foundation to build on.

Page 3:

Security Progress for IIS

Notes
• MS02-011 & 012 not included: updates SMTP service only
• ASP.NET adds: 1 – v 2.0, 2 - v 1.1, 3 - v 1.0

Two security patches for IIS 6 since RTM (>3 yrs)

[Figure: timeline of security bulletins for IIS 4, IIS 5 and IIS 6, 2002 to 2006. Chart labels: 4/15 Server 2003 RTM; 4/10 02-018; 6/11 02-028; 10/30 02-062; 5/28 03-018; 10/12 04-021 (WebDAV DoS); 7/13 04-021; 2006: 06/11 06-034 (ASP). Legend: Critical; < Critical; Rollup with X updates.]

Page 4:

Internet Information Services (IIS) 7.0

More than a Web server, Internet Information Services 7.0 provides an accessible, extensible platform for developing and reliably hosting Web applications and services

Modular Architecture

Manageable

Built in Request Tracing

Extensible Design

Integrated with .NET

IIS 7.0 Enhancements

• Create Streamlined Servers
• Reduced Attack Surface
• Extend/Modify IIS Features
• Rapid Application Deployment
• Fast Diagnostics

Page 5:

Microsoft.com on IIS 7

• Beta 3 of Windows Server 2008 since June 12

Great Compatibility
• 99%+ ASP and ASP.NET worked
• One application encountered breaking change out of 260
• Classic ASP mode and AppCmd

And loved
• New UI, death of metabase, shared config, failed request tracing etc.

http://blogs.technet.com/mscom/archive/2007/09/07/the-tasty-morsels-found-in-dogfood-mscom-ops-top-10-changes-in-iis7-0.aspx

Page 6:

Extensible Design

Page 7:

IIS6 Architecture - Request Processing

• Monolithic implementation
• Install all or nothing…
• Extend server functionality only through ISAPI…

[Diagram: the IIS 6 request pipeline as one block. Labels: Authentication (Anon, Basic, NTLM); Determine Handler (CGI, Static File, ISAPI); ASP.NET; PHP; Send Response (Log, Compress).]

Page 8:

IIS7 Architecture - Request Processing

[Diagram: the IIS 6 blocks (Authentication: Anon, Basic, NTLM; Determine Handler: CGI, Static File, ISAPI; Send Response: Log, Compress) redrawn as separate modules attached to pipeline stages. Stage labels: Authentication, Authorization, ResolveCache, ExecuteHandler, UpdateCache, SendResponse.]

Server functionality is split into ~ 40 modules...

Modules plug into a generic request pipeline…

Modules extend server functionality through a public module API.

Page 9:

View Default Running Modules

C:\Windows\System32\inetsrv\config

Page 10:

The Many Benefits of IIS7’s Modular Design

| | IIS 6 | IIS 7 | Benefits |
|---|---|---|---|
| Architecture | Monolithic | Modular | Customize, Extend, Streamline |
| Setup | Most features installed (many disabled) | Minimal installation for designated role | Increased Security |
| Extend Features | ISAPI filters and ISAPI extensions | Add modules and handlers in native or managed code | Easier to develop application and administration features |
| Customize UI | Possible, but not common. | Extensible, modular, based on .NET | Much easier for developers to provide new admin features |

Page 11:

Extensibility

IIS 6
• IIS 6 extensibility limited to ISAPI filter and extensions
• UI modifications in MMC are challenging
• Difficult to extend IIS 6 Schema
• Web service activation using http only

IIS 7
• Native or managed code modules and handlers
• Easy to add your apps to UI
• Simple to extend IIS 7 schema
• Instrument apps to integrate with IIS 7 tracing
• Host web services using non-http protocols

Page 12:

Instantly you can tell it is new...

Page 13:

The New IIS 7 Manager

• Completely redesigned IIS Manager
• Task-oriented
• Context sensitive ‘Actions’ pane
• Tabs are replaced with Icons
• Allows IIS and ASP.NET configuration
• Icons instead of tabs
• Provides managed extensibility
• Add new management and IIS features
• Application configuration can integrate into UI
• View health and diagnostics within the UI
• Built in remote administration over https
• Manage 1 or 1000’s of sites

Page 14:

Introducing the IIS Manager

demo

Page 15:

.NET Integration

Page 16:

Integrated Application Pool

• Application Pool architecture based on IIS 6
• Familiar settings for recycling, health monitoring, and process identity are unchanged
• Two pool types in IIS 7

Integrated (default)
• Allows use of managed code to provide pipeline services for all requests
• Example: .NET Forms authentication for Perl
• Integrated is the default for new pools

Classic
• Works same as IIS 6
• Ensures .NET compatibility

Page 17:

.NET Integration

Simplifies security and administration

Leverage the power of .NET for all content with managed global modules

Forms Authentication

URL Authorization

.NET Caching

.NET Role and Membership Providers

New APIs manage both IIS 7 and .NET

Enables Xcopy deployment scenarios

Page 18:

IIS6 ASP.NET Integration

• ISAPI-based Implementation
• Only sees ASP.NET requests
• Feature duplication

[Diagram: the IIS 6 pipeline (Authentication: Anon, Basic, NTLM; Determine Handler: CGI, Static File, ISAPI; Send Response: Log, Compress) with aspnet_isapi.dll running a second, separate ASP.NET pipeline (Authentication: Forms, Windows; Map Handler: ASPX, Trace, …).]

Page 19:

IIS7 ASP.NET Integration

Two App Pool Modes
• Classic (IIS 6)
• Integrated Mode

Integrated Mode
• .NET modules / handlers plug directly into pipeline
• Process all requests
• Full runtime fidelity

[Diagram: one pipeline with stages Authentication, Authorization, ResolveCache, ExecuteHandler, UpdateCache, SendResponse. Native modules (Anon, Basic, Static File, ISAPI, Compress, Log) and the former aspnet_isapi.dll components (Authentication: Forms, Windows; Map Handler: ASPX, Trace, …) attach to the same stages.]

Page 22:

Migrating to Integrated ASP.NET

Handler and module configuration settings have moved:

• system.web/httpHandlers → system.webServer/handlers
• system.web/httpModules → system.webServer/modules

Setting the “managedHandler” precondition for a module means “execute only for ASP.NET requests”
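
The move described on this slide, as an added web.config fragment (not part of the original deck): one custom module registered in both places so the file works in Classic and Integrated pools, and the built-in ASP.NET authentication modules re-added without the managedHandler precondition so they also cover static files and non-ASP.NET handlers. Contoso.Web.AuditModule and its assembly are hypothetical; the built-in module names are the ones used in a default applicationHost.config and should be confirmed with `appcmd list modules`.

```xml
<configuration>
  <!-- Classic mode / IIS 6: read only by ASP.NET inside aspnet_isapi.dll -->
  <system.web>
    <httpModules>
      <!-- hypothetical custom module -->
      <add name="AuditModule" type="Contoso.Web.AuditModule, Contoso.Web" />
    </httpModules>
  </system.web>

  <!-- Integrated mode: IIS 7 reads modules and handlers from here -->
  <system.webServer>
    <!-- Without this, an Integrated pool rejects the application because
         legacy system.web/httpModules entries are still present -->
    <validation validateIntegratedModeConfiguration="false" />

    <modules>
      <!-- managedHandler: runs only for requests mapped to a managed
           handler (.aspx, .ashx, ...), never for static files or PHP -->
      <add name="AuditModule"
           type="Contoso.Web.AuditModule, Contoso.Web"
           preCondition="managedHandler" />

      <!-- The server-level entries for these modules carry
           preCondition="managedHandler". Removing and re-adding them
           with no precondition makes Forms authentication and URL
           authorization apply to every request in the application. -->
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication"
           type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization"
           type="System.Web.Security.UrlAuthorizationModule" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication"
           type="System.Web.Security.DefaultAuthenticationModule" />
    </modules>
  </system.webServer>
</configuration>
```

If the precondition is left on an authorization module, content that is not served by a managed handler is outside that module's checks, which is the point to verify after any migration.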

Page 23:

Better Management

Page 24:

Built in Remote Administration

Use IIS Manager from XP, Vista, Windows Server 2003/2008

• No administration website required!
• Secure, firewall-friendly connection over HTTP/SSL
• Fully customizable
• Supports auto-deployment of new Administration features from server->client
• Can hide features remote user cannot edit

Page 25:

IIS 7 Configuration System

• Moved from Metabase.xml (and .bin) to Applicationhost.config
• File based configuration improves manageability
• XML – integrate with XML readers and APIs
• Config can be copied to other servers
• Easier to read
• Facilitates backup, restore and editing

You now have choices about how to manage IIS configuration

• Centralized Configuration
• Delegated Administration
• Shared Configuration

Page 26:

Configuration System: .NET + IIS7

[Diagram: configuration hierarchy. Machine.config (.NET global settings); .NET Framework global web.config (ASP.NET global settings); IIS 7 Applicationhost.config (global settings and location tags); site root Web.config for the Contoso.com root, holding <system.web> .NET settings and <system.webServer> IIS7 delegated settings; Contoso.com \ Orders.]

Page 27:

Delegated Administration

• Delegate control to site owners
• Site owners control designated settings without elevated server privileges
• Delegated settings written to Web.config files
• Site and/or application level
• Shared with ASP.net configuration
• XCopy deploy configuration and content
• Granular control over delegated settings allows precise locking
• Example: Require Windows Authentication - let the site owner turn Basic on/off.
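
The slide's example written out as configuration, added here and not taken from the original deck: the server administrator locks Windows authentication on for the site and delegates only the Basic setting. The site name Contoso.com is borrowed from the deck's configuration diagram; the two files are shown in one block for comparison.

```xml
<!-- ===== applicationHost.config (server administrator) ===== -->
<configuration>

  <!-- Locked: Windows authentication is required and anonymous access
       is off. overrideMode="Deny" means a web.config below this path
       that touches these sections fails with a configuration lock
       error (HTTP 500.19) instead of overriding them. -->
  <location path="Contoso.com" overrideMode="Deny">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>

  <!-- Delegated: only the Basic authentication section is unlocked.
       It starts disabled; the site owner decides. -->
  <location path="Contoso.com" overrideMode="Allow">
    <system.webServer>
      <security>
        <authentication>
          <basicAuthentication enabled="false" />
        </authentication>
      </security>
    </system.webServer>
  </location>

</configuration>

<!-- ===== web.config at the Contoso.com site root (site owner) ===== -->
<configuration>
  <system.webServer>
    <security>
      <authentication>
        <!-- Allowed: this section was delegated above -->
        <basicAuthentication enabled="true" />
        <!-- Not allowed: adding <windowsAuthentication enabled="false" />
             here would hit the lock and break the site with 500.19 -->
      </authentication>
    </security>
  </system.webServer>
</configuration>
```

Because delegated settings travel with the content under XCopy deployment, the locks in applicationHost.config are what keep a copied web.config from weakening the server's policy.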

Page 28:

Shared Configuration

• All web servers can share a single applicationhost.config
• Eliminates configuration replication in a web farm
• Easily stage and rollback config changes
• All administration tools are redirected to a common UNC path
• Does not replicate content
• First appearance in Longhorn Beta 3

Page 29:

Staging and Rollback

[Diagram: three IIS7 servers reading one XML AppHost.config from a UNC share that holds Version 1, Version 2 and a "Staging New Config" copy.]

Easily manage multiple configuration versions for staging and rollback

Page 30:

A lap around administration

demo

Page 31:

Automating IIS 7 Management

APPCMD
• General purpose command line tool
• Query and control state, change settings, add sites and vdirs

Managed Code API
• Microsoft.Web.Administration

WMI
• Improved namespace for IIS7

ADSI compatibility

Powershell
• use with Managed API and WMI

Page 32:

IIS7 Administration Tools

• simple cmd-line syntax
• powerful mgmt objects
• inline help & multiple outputs

Page 33:

Appcmd – Listing and Filtering

C:\> appcmd list sites

SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)
SITE "Site1" (id:2,bindings:http/*:81:,state:Started)
SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)

C:\> appcmd list requests

REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost)

C:\> appcmd list requests /apppool.name:DefaultAppPool

C:\> appcmd list requests /wp.name:3567

C:\> appcmd list requests /site.id:1

Filter results by application pool, worker process, or site

Page 34:

Scripting: IIS6 WMI Provider

Create Site

Create Virtual Directory

Create Application

NOT CONSISTENT

Set oIIS = GetObject("winmgmts:root\MicrosoftIISv2")

' Create binding for new site
Set oBinding = oIIS.Get("ServerBinding").SpawnInstance_
oBinding.IP = ""
oBinding.Port = "80"
oBinding.Hostname = "www.site.com"

' Create site and extract site name from return value
Set oService = oIIS.Get("IIsWebService.Name='W3SVC'")
strSiteName = oService.CreateNewSite("NewSite", array(oBinding), "C:\inetpub\wwwroot")
Set objPath = CreateObject("WbemScripting.SWbemObjectPath")
objPath.Path = strSiteName
strSitePath = objPath.Keys.Item("")
Set oSite = oIIS.Get("IIsWebServer.Name='" & strSitePath & "'")
oSite.Start

' Create the vdir for our application
Set oVDirSetting = oIIS.Get("IIsWebVirtualDirSetting").SpawnInstance_
oVDirSetting.Name = strSitePath & "/ROOT/bar"
oVDirSetting.Path = "C:\inetpub\bar"
oVDirSetting.Put_

' Make the VDir an application
Set oVDir = oIIS.Get("IIsWebVirtualDir.Name='" & strSitePath & "/ROOT/bar'")
oVDir.AppCreate2

Page 35:

Scripting: new WMI Provider

Static Create methods

CONSISTENT

Set oService = GetObject("winmgmts:root\WebAdministration")

' Create binding for site
Set oBinding = oService.Get("BindingElement").SpawnInstance_
oBinding.BindingInformation = "*:80:www.site.com"
oBinding.Protocol = "http"

' Create site
oService.Get("Site").Create _
    "NewSite", array(oBinding), "C:\inetpub\wwwroot"

' Create application
oService.Get("Application").Create _
    "/foo", "NewSite", "C:\inetpub\wwwroot\foo"

Page 36:

Compatibility: ABO Mapper

Provides compatibility for:

scripts

command line tools

native calls into ABO

Not installed by default

Install IIS 6 Compatibility

Can only do what IIS6 could do…

Can’t read/write new IIS properties

Application Pools: managedPipelineMode, managedRuntimeVersion

Request Filtering

Failed Request Tracing

Can’t read/write ASP.NET properties

Can’t read/write web.config files

Can’t access new runtime data, e.g. worker processes, executing requests

applicationHost.config

IISADMIN

ABOMapper

IIS6 ADSI Script

Page 37:

Built in Request Tracing

Page 38:

Tracing and Diagnostics

View Detailed Errors in the Browser
• New errors provide prescriptive guidance

Access Runtime State Info in Real-Time
• New APIs expose all runtime diagnostic information
• Ex. See all currently executing requests

Rapidly Troubleshoot Faulty Applications
• Rules define ‘failures’ that trigger a report of pipeline events
• Define by http result code and/or time taken
• Configurable per application or URL
• Quickly identify bottlenecks
• Developers can add custom events
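
Failure rules of the kind this slide describes, as an added configuration example that is not from the original deck: one rule keyed on HTTP result codes and one on time taken. The site name, site id, log directory and thresholds are constructed sample values.

```xml
<!-- applicationHost.config: switch failed request tracing on for the site -->
<sites>
  <site name="Contoso.com" id="2">
    <!-- constructed values: adjust directory and retention to your host -->
    <traceFailedRequestsLogging enabled="true"
        directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles"
        maxLogFiles="50" />
  </site>
</sites>

<!-- web.config of the site or application: what counts as a failure -->
<configuration>
  <system.webServer>
    <tracing>
      <traceFailedRequests>

        <!-- Rule 1: any URL that ends in an access-denied or server
             error status. Captures the authentication and security
             events of the pipeline for that request. -->
        <add path="*">
          <traceAreas>
            <add provider="WWW Server"
                 areas="Authentication,Security,Module"
                 verbosity="Verbose" />
          </traceAreas>
          <failureDefinitions statusCodes="401.3,403,500" />
        </add>

        <!-- Rule 2: .aspx requests slower than 10 seconds, whatever
             status they return, to locate the slow pipeline stage. -->
        <add path="*.aspx">
          <traceAreas>
            <add provider="ASPNET"
                 areas="Infrastructure,Module,Page,AppServices"
                 verbosity="Verbose" />
          </traceAreas>
          <failureDefinitions timeTaken="00:00:10" />
        </add>

      </traceFailedRequests>
    </tracing>
  </system.webServer>
</configuration>
```

Trace files can contain request headers and other request data, so the log directory needs the same access control as the server's other logs.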

Page 39:

Tracing and Diagnostics

demo

Page 40:

Summary: The ISV Opportunity

• Managed code everywhere
• Integrated Pipeline
• IIS 7 Managed module starter kit: http://www.iis.net/downloads/
• Add application specific UI to IIS Manager: http://www.iis.net/articles/view.aspx/IIS7/Extending-IIS7/Extending-IIS-Manager/How-to-Create-a-Simple-IIS-Manager-Module
• Simplified deployment, server farms
• Xcopy of config files, shared config, appcmd
• Reduced surface area
• Manage with delegated administration
• Diagnose with built in / extensible tracing
• Provide high availability host for web services

Page 41:

http://IIS.net - new home for IIS Community!

• Go Live License available to public
• Download Center – Download IIS 7 Extensions such as new FTP server
• TechCenter to easily find the info you need
• Advice and assistance in Forums
• Walkthroughs, examples, and code samples
• Online labs – test IIS7 in your browser!

Page 42:

Best webcasts

http://www.microsoft.com/emea/itsshowtime/result_search.aspx?event=69

Page 44:

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Page 45:

Changes from IIS 6

Deprecated
• NNTP
• IIS 5 Worker Process Isolation Mode
• FPSE (compatible alternative on IIS.net)
• Metabase.bin/Metabase.xml
• IUSR_<servername>, IWAM_<servername> and IIS_WPG
• POP3
• No administration website