WSV332: What's New with IIS 8: Performance, Scalability, and Security
Shaun Eagan, Senior Program Manager, Microsoft Corporation
Wade A. Hilmo, Principal Development Lead, Microsoft Corporation
Session Overview
• Session Objectives
  • Learn how IIS 8 makes it easier to secure your website and host secure sites
  • Understand how IIS 8’s sand-boxing features isolate your websites and improve application responses
  • Discover how IIS 8’s Application Initialization features improve application startup experience
• Key Takeaways
  • IIS 8 makes it easier to prevent unwanted activity through Dynamic IP Restrictions
  • IIS 8 reduces the attack surface for FTP brute-force/dictionary attacks
  • CPU Throttling can be used to sand-box websites and prevent performance issues
  • Application Initialization enhances your end-users’ website startup perceptions
Securing My Web Server: Dynamic IP Restrictions
• IIS 7: Static IP Restrictions
  • Requires manually discovering and blocking known IP addresses
  • Only returns HTTP 403 status
• IIS 8: Dynamic IP Restrictions*
  • Deny access based on concurrency or frequency of HTTP requests
  • Configurable response behavior
    • HTTP 401/403/404 status
    • Abort the request
  • Proxy-aware IP filtering
* Note: A down-level version of Dynamic IP Restrictions has been released for IIS 7.5.
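
The IIS 7 and IIS 8 approaches on this slide, written out as IIS configuration. This is an added example, not taken from the session or its demo; the address and thresholds are constructed sample values.

```xml
<!-- Added example; the address and thresholds are constructed sample values. -->
<system.webServer>
  <security>
    <!-- IIS 7 style: static list, each address discovered and added by hand -->
    <ipSecurity allowUnlisted="true">
      <add ipAddress="192.0.2.10" allowed="false" />
    </ipSecurity>

    <!-- IIS 8: deny dynamically by concurrency or by request frequency.
         denyAction: Unauthorized (401), Forbidden (403), NotFound (404)
         or AbortRequest (drop the connection).
         enableProxyMode="true" takes the client address from the
         X-Forwarded-For header when the server sits behind a proxy. -->
    <dynamicIpSecurity denyAction="AbortRequest"
                       enableProxyMode="true"
                       enableLoggingOnlyMode="false">
      <denyByConcurrentRequests enabled="true" maxConcurrentRequests="10" />
      <denyByRequestRate enabled="true" maxRequests="30"
                         requestIntervalInMilliseconds="2000" />
    </dynamicIpSecurity>
  </security>
</system.webServer>
```

Setting enableLoggingOnlyMode="true" first records the requests that would have been denied without blocking them, which helps when tuning thresholds. Enable proxy mode only when a trusted proxy sets X-Forwarded-For, since a client can otherwise supply the header itself.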
Demo: Dynamic IP Restrictions
Securing My Web Server: FTP Logon Attempt Restrictions
• IIS 7: FTP Static IP Filtering
  • Requires manually discovering and blocking known IP addresses
  • Subject to brute-force attacks and password lockouts
• IIS 8: FTP Logon Attempt Restrictions
  • Dynamically blocks IP addresses that flood the server with failures
  • Prevents script-kiddie and brute-force attacks
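
The server-level setting behind FTP Logon Attempt Restrictions, as an added example that is not from the session; the threshold and time window are constructed sample values.

```xml
<!-- Added example for applicationHost.config; values are constructed samples. -->
<system.ftpServer>
  <security>
    <authentication>
      <!-- Block a client IP address once it accumulates maxFailure failed
           logons within the entryExpiration window (hh:mm:ss).
           loggingOnlyMode="true" would log the would-be blocks without
           denying the connection. -->
      <denyByFailure enabled="true"
                     maxFailure="4"
                     entryExpiration="00:00:30"
                     loggingOnlyMode="false" />
    </authentication>
  </security>
</system.ftpServer>
```

Keeping maxFailure below the account lockout threshold means the offending address is blocked before the targeted account locks, which addresses the password-lockout problem listed for IIS 7.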
Demo: FTP Logon Attempt Restrictions
Scaling My Web Server: CPU Throttling (Defining The Problem)
• You manage a server, and you host multiple tenants
• Badly-written applications from some tenants might consume too many resources
• Well-written applications from other tenants might be starved for resources
Scaling My Web Server: CPU Throttling (Sand-boxing Applications)
• IIS 7: CPU Throttling
  • Monitors for CPU use that exceeds a specific threshold
  • Allows terminating an IIS worker process
• IIS 8: CPU Throttling
  • Limits CPU usage per tenant:
    • Throttling CPU usage
    • Throttling under load
    • Terminating an IIS worker process
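
The three CPU actions listed above, as application pool settings. This is an added example, not the presenters' demo configuration; the pool names and limits are constructed.

```xml
<!-- Added example for applicationHost.config; pool names and limits are constructed. -->
<system.applicationHost>
  <applicationPools>
    <!-- IIS 7 behaviour: terminate the worker process when the limit is
         exceeded within resetInterval.
         limit is in 1/1000ths of a percent (50000 = 50%). -->
    <add name="TenantLegacy">
      <cpu limit="50000" action="KillW3wp" resetInterval="00:05:00" />
    </add>

    <!-- IIS 8: hold this tenant at 20% CPU at all times -->
    <add name="TenantA">
      <cpu limit="20000" action="Throttle" />
    </add>

    <!-- IIS 8: enforce the 20% cap only when there is contention for CPU -->
    <add name="TenantB">
      <cpu limit="20000" action="ThrottleUnderLoad" />
    </add>
  </applicationPools>
</system.applicationHost>
```

The limit applies per application pool, so the sand-boxing only isolates tenants that each run in their own pool.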
Demo: CPU Throttling (Sand-boxing CPU Usage)
Changing My Application Startup Experience: Application Initialization Module
• Application Initialization is built-in for Windows Server 2012
• Application Initialization was released as an out-of-band (OOB) project for IIS 7.5
Changing My Application Startup Experience: Application Initialization
• Allows the application to decide how it will respond to requests received during the warm-up period
• Each application can define its own behavior
• IIS marks requests received during warm-up, and allows the application to change the startup experience
Changing My Application Startup Experience: Application Preload
• Allows an application to be initialized when the worker process starts
• Server administrator decides which applications should be preloaded
• New process and recycled process behave differently
Changing My Application Startup Experience: Application Start Mode
• Feature existed in IIS 7, but is more useful in IIS 8
• Allows pre-starting application pools instead of waiting for a first request
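
How the three settings from the preceding slides (start mode, preload, and per-application warm-up behavior) fit together, as an added example that is not from the session. The pool, site and page names are hypothetical.

```xml
<!-- Added example; pool, site and page names are hypothetical. -->

<!-- applicationHost.config: decided by the server administrator -->
<system.applicationHost>
  <applicationPools>
    <!-- Start Mode: start the pool's worker process without waiting for a request -->
    <add name="ExamplePool" startMode="AlwaysRunning" />
  </applicationPools>
  <sites>
    <site name="ExampleSite" id="1">
      <!-- Application Preload: initialize this application when the worker process starts -->
      <application path="/" applicationPool="ExamplePool" preloadEnabled="true" />
    </site>
  </sites>
</system.applicationHost>

<!-- web.config: decided by the application -->
<system.webServer>
  <!-- While warm-up is running, serve a static page in place of managed content.
       doAppInitAfterRestart="true" repeats the warm-up after an application restart. -->
  <applicationInitialization remapManagedRequestsTo="Startup.htm"
                             skipManagedModules="true"
                             doAppInitAfterRestart="true">
    <!-- Request IIS issues internally to warm the application up -->
    <add initializationPage="/" />
  </applicationInitialization>
</system.webServer>
```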
Demo: Application Initialization
Session Summary
• In this presentation you…
  • Learned how IIS 8 makes it easier to secure your website and host secure sites
  • Understood how to throttle the resources for high CPU usage applications
  • Discovered how IIS 8’s Application Initialization improves the website startup experience
• Key Takeaways
  • IIS 8 makes it easier to prevent unwanted activity through Dynamic IP Restrictions
  • IIS 8 reduces the attack surface for FTP brute-force/dictionary attacks
  • CPU Throttling can be used to sand-box websites and prevent performance issues
  • Application Initialization enhances your users’ website perceptions
Related Content
• WSV331 - What's New with IIS 8: Open Web Platform for Cloud
• WSV332 - What's New with IIS 8: Performance, Scalability, and Security
• DEV349 - Internet Information Services (IIS) Express for Web Developers
IIS.NET: Home for the IIS Community!
• In-depth technical articles and samples: http://learn.iis.net
• Connect with other IIS experts through blogs: http://blogs.iis.net
• Free advice and assistance in forums: http://forums.iis.net
• Download center with IIS solutions: http://www.iis.net/download
Q & A
• Shaun Eagan, shaune@microsoft.com, Microsoft Corporation
• Wade A. Hilmo, wadeh@microsoft.com, Microsoft Corporation
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.