1 / 45

Introducing IIS7: Microsoft’s Next Generation Web Server

Introducing IIS7: Microsoft’s Next Generation Web Server. Proven Scale MySpace - 23 Billion Page* Views/Month Microsoft.com - 10k Req /sec & 300K Connections Match.com 30 million page view daily Proven Security No critical IIS 6 hotfixes since RTM as of 5/20/07 Proven Trust

kaden
Télécharger la présentation

Introducing IIS7: Microsoft’s Next Generation Web Server

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introducing IIS7:Microsoft’s Next Generation Web Server

  2. Proven Scale MySpace - 23 Billion Page* Views/Month Microsoft.com - 10k Req/sec & 300K Connections Match.com 30 million page view daily Proven Security No critical IIS 6 hotfixes since RTM as of 5/20/07 Proven Trust 54% of Fortune 1000 use IIS (port80software.com) A solid foundation to build on. IIS 6 Today : A Proven Platform

  3. Security Progress for IIS Two security patches for IIS 6 since RTM (>3 yrs) 2005 2006 2004 2002 2003 4/15Server2003 RTM (WebDAVDoS) (ASP) 06/11 06-034 10/12 04-021 IIS6 4/1002-018 6/1102-028 10/30 02-062 5/2803-018 IIS 5 8 4 4 7/13 04-021 IIS 4 4 8 4 < Critical • Notes • MS02-011 & 012 not included: updates SMTP service only • ASP.NET adds: 1 – v 2.0 2 - v 1.1 3 - v 1.0 = Critical = Rollup with X updates X

  4. Internet Information Services (IIS) 7.0 CreateStreamlined Servers Modular Architecture Reduced Attack Surface Extensible Design Extend/Modify IIS Features Integrated with .NET Rapid Application Deployment Manageable Built in Request Tracing More than a Web server, Internet Information Services 7.0 provides an accessible, extensible platform for developing and reliably hosting Web applications and services IIS 7.0 Enhancements FastDiagnostics

  5. Microsoft.com on IIS 7 • Beta 3 of Windows Server 2008 since June 12 • Great Compatibility • 99%+ ASP and ASP.NET worked • One application encountered breaking change out of 260 • Classic ASP mode and AppCmd • And loved • New UI, death of metabase, shared config, failed request tracing etc. • http://blogs.technet.com/mscom/archive/2007/09/07/the-tasty-morsels-found-in-dogfood-mscom-ops-top-10-changes-in-iis7-0.aspx

  6. Extensible Design

  7. IIS6 Architecture - Request Processing Monolithic implementationInstall all or nothing… Authentication NTLM Basic Anon … Determine Handler CGI Static File ASP.NET ISAPI PHP … Send Response Extend server functionality only through ISAPI… Log Compress

  8. IIS7 Architecture - Request Processing Server functionality is split into ~ 40 modules... Authentication Authentication NTLM Basic Anon Authorization … Modules plug into a generic request pipeline… ResolveCache Determine Handler CGI … Static File ExecuteHandler Modules extend serverfunctionalitythrough a public module API. ISAPI … … UpdateCache Send Response SendResponse Log Compress

  9. View Default Running Modules C:\Windows\System32\inetsrv\config

  10. The Many Benefits of IIS7’s Modular Design

  11. Extensibility • IIS 6 • IIS 6 extensibility limited to ISAPI filter and extensions • UI modifications in MMC are challenging • Difficult to extend IIS 6 Schema • Web service activation using http only • IIS 7 • Native or manage code modules and handlers • Easy to add your apps to UI • Simple to extend IIS 7 schema • Instrument apps to integrate with IIS 7 tracing • Host web services using non-http protocols

  12. Instantly you can tell it is new...

  13. The New IIS 7 Manager • Completely redesigned IIS Manager • Task-oriented • Context sensitive ‘Actions’ pane • Tabs are replaced with Icons • Allows IIS & and ASP.NET configuration • Icons instead of tabs • Provides managed extensibility • Add new management and IIS features • Application configuration can integrate into UI • View health and diagnostics within the UI • Built in remote administration over https • Manage 1 or 1000’s of sites

  14. demo Introducing the IIS Manager

  15. .NET Integration

  16. Integrated Application Pool • Application Pool architecture based on IIS 6 • Familiar settings for recycling, health monitoring, and process identity are unchanged • Two pool types in IIS 7 • Integrated (default) • Allows use of managed code to provide pipeline services for all requests • Example: .NET Forms authentication for Perl • Integrated is the default for new pools • Classic • Works same as IIS 6 • Ensures .NET compatibility

  17. .NET Integration • Simplifies security and administration • Leverage the power of .NET for all content with managed global modules • Forms Authentication • URL Authorization • .NET Caching • .NET Role and Membership Providers • New APIs manage both IIS 7 and .NET • Enables Xcopy deployment scenarios

  18. aspnet_isapi.dll Authentication Forms Windows … ASPX Map Handler Trace … … IIS6 ASP.NET Integration • ISAPI-based Implementation • Only sees ASP.NET requests • Feature duplication Authentication NTLM Basic Anon … Determine Handler CGI Static File ISAPI … Send Response Log Compress

  19. IIS7 ASP.NET Integration Basic • Two App Pool Modes • Classic (IIS 6) • Integrated Mode • .NET modules / handlers plug directly into pipeline • Process all requests • Full runtime fidelity Anon Authentication Authorization ResolveCache aspnet_isapi.dll … Static File Authentication ExecuteHandler Forms Windows … … ISAPI ASPX Map Handler UpdateCache Trace SendResponse Compress … … Log

  20. Migrating to Integrated ASP.NET • Handler and module configuration settings have moved: • system.web/httpHandlers→system.webServer\handlers • system.web/httpModules→system.webServer\modules • Setting the “managedHandler” precondition for a module means “execute only for ASP.NET requests”

  21. Better Management

  22. Use IIS Manager from XP, Vista, Windows Server 2003/2008 No administration website required! Secure, firewall-friendly connection over HTTP/SSL Fully customizable Supports auto-deployment of new Administration features from server->client Can hide features remote user cannot edit Built in Remote Administration

  23. Moved from Metabase.xml (and .bin) to Applicationhost.config File based configuration improves manageability XML – integrate with XML readers and APIs Config can be copied to other servers Easier to read Facilitates backup, restore and editing You now have choices about how to manage IIS configuration Centralized Configuration Delegated Administration Shared Configuration IIS 7 Configuration System

  24. Contso.com root Configuration System.NET + IIS7 Contoso.com \ Orders Site RootWeb.config .NET Framework Global web.config Machine.config <system.web>.NET settings .. .. .. <system.webServer>IIS7 Delegated settings .. ASP.net global settings NET global settings IIS 7 Applicationhost.config Global settings and location tags

  25. Delegate control to site owners Site owners control designated settings without elevated server privileges Delegated settings written to Web.config files Site and/or application level Shared with ASP.net configuration XCopy deploy configuration and content Granular control over delegated settings allows precise locking Example: Require Windows Authentication - let site owner control turn on/off Basic. Delegated Administration

  26. All web servers can share a single applicationhost.config Eliminates configuration replication in a web farm Easily stage and rollback config changes All administration tools are redirected to a common UNC path Does not replicate content First appearance in Longhorn Beta 3 Shared Configuration

  27. Staging and Rollback XML IIS7 IIS7 IIS7 AppHost.config UNC Staging New Config Version 1 Version 2 Easily manage multiple configuration versions for staging and rollback

  28. demo A lap around administration

  29. Automating IIS 7 Management • APPCMD • General purpose command line tool • Query and control state, change settings, add sites and vdirs • Managed Code API • Microsoft.Web.Administration • WMI • Improved namespace for IIS7 • ADSI compatibility • Powershell • use with Managed API and WMI

  30. IIS7 Administration Tools simple cmd-line syntax powerful mgmt objects inline help & multiple outputs

  31. Appcmd – Listing and Filtering C:\> appcmd list sites SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)SITE "Site1" (id:2,bindings:http/*:81:,state:Started)SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped) C:\> appcmd list requests REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost) C:\> appcmd list requests /apppool.name:DefaultAppPool C:\> appcmd list requests /wp.name:3567 C:\> appcmd list requests /site.id:1 Filter results by application pool, worker process, or site

  32. Scripting: IIS6 WMI Provider NOT CONSISTENT SetoIIS = GetObject("winmgmts:root\MicrosoftIISv2") ' Create binding for new site SetoBinding = oIIS.Get("ServerBinding").SpawnInstance_ oBinding.IP = "" oBinding.Port = "80" oBinding.Hostname = "www.site.com" ' Create site and extract site name from return value SetoService = oIIS.Get("IIsWebService.Name='W3SVC'") strSiteName = oService.CreateNewSite("NewSite",array(oBinding), "C:\inetpub\wwwroot") SetobjPath = CreateObject("WbemScripting.SWbemObjectPath") objPath.Path = strSiteName strSitePath = objPath.Keys.Item("") SetoSite = oIIS.Get("IIsWebServer.Name='" & strSitePath & "'") oSite.Start ' Create the vdir for our application SetoVDirSetting = oIIS.Get("IIsWebVirtualDirSetting").SpawnInstance_ oVDirSetting.Name = strSitePath & "/ROOT/bar" oVDirSetting.Path = "C:\inetpub\bar" oVDirSetting.Put_ ' Make the VDir an application SetoVDir = oIIS.Get("IIsWebVirtualDir.Name='" & strSitePath & "/ROOT/bar'") oVDir.AppCreate2 Create Site Create Virtual Directory Create Application

  33. Scripting: new WMI Provider CONSISTENT SetoService = GetObject("winmgmts:root\WebAdministration") ' Create binding for site SetoBinding = oService.Get("BindingElement").SpawnInstance_ oBinding.BindingInformation = "*:80:www.site.com" oBinding.Protocol = "http" ' Create site oService.Get("Site").Create _ "NewSite",array(oBinding), "C:\inetpub\wwwroot" ' Create application oService.Get("Application").Create _ "/foo", "NewSite", "C:\inetpub\wwwroot\foo" Static Create methods

  34. Compatibility: ABO Mapper IIS6 ADSI Script • Provides compatibility for: • scripts • command line tools • native calls into ABO • Not installed by default • Install IIS 6 Compatibility • Can only do what IIS6 could do… • Can’t read/write new IIS properties • Application Pools: managedPipelineMode, managedRuntimeVersion • Request Filtering • Failed Request Tracing • Can’t read/write ASP.NET properties • Can’t read/write web.config files • Can’t access new runtime data, e.g. worker processes, executing requests IISADMIN ABOMapper applicationHost.config

  35. Built in Request Tracing

  36. View Detailed Errors in the Browser New errors provide prescriptive guidance Access Runtime State Info in Real-Time New APIs expose all runtime diagnostic information Ex. See all currently executing requests Rapidly Troubleshoot Faulty Applications Rules define ‘failures’ that triggers report of pipeline events Define by http result code and/or time taken Configurable per application or URL Quickly identify bottlenecks Developers can add custom events Tracing and Diagnostics

  37. demo Tracing and Diagnostics

  38. Summary: The ISV Opportunity • Managed code everywhere • Integrated Pipeline • IIS 7 Managed module starter kit • http://www.iis.net/downloads/ • Add application specific UI to IIS Manager • http://www.iis.net/articles/view.aspx/IIS7/Extending-IIS7/Extending-IIS-Manager/How-to-Create-a-Simple-IIS-Manager-Module • Simplified deployment, server farms • Xcopy of config files, shared config, appcmd • Reduced surface area • Manage with delegate administration • Diagnose with built in / extensible tracing • Provide high availability host for web services

  39. http://IIS.net - new home for IIS Community! • Go Live License available to public • Download Center – Download IIS 7 Extensions such as new FTP server • TechCenter to easily find the info you need • Advice and assistance in Forums • Walkthroughs, examples, and code samples • Online labs – test IIS7 in your browser!

  40. Best webcasts • http://www.microsoft.com/emea/itsshowtime/result_search.aspx?event=69

  41. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

  42. Changes from IIS 6 • Deprecated • NNTP • IIS 5 Worker Process Isolation Mode • FPSE (compatible alternative on IIS.net) • Metabase.bin/Metabase.xml • IUSR_<servername> IWAM_ <servername> and IIS_WPG • POP3 • No administration website

More Related