1 / 26

IIS/ASP.NET Best Practices

IIS/ASP.NET Best Practices. Clint Edmonson Architect Evangelist Microsoft Corporation. Advice for IT Pros. Offer a menu of server configurations to developers (and create using separate app pools) Provide a copy of server's ASP.NET config files to developers

gamada
Download Presentation

IIS/ASP.NET Best Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IIS/ASP.NET Best Practices Clint Edmonson Architect Evangelist Microsoft Corporation

  2. Advice for IT Pros... • Offer a menu of server configurations to developers (and create using separate app pools) • Provide a copy of server's ASP.NET config files to developers • Require a load test before allowing apps into production (at least the home page) • Implement a server change request and tracking system • Don't allow developer access to production servers

  3. Advice for Architects... • Use an n-tiered architecture (e.g. web tier, service tier, and database tier) • Keep your UIs dumb • Develop a set of shared enterprise components & services • Security (Authorization, Authentication) • Event Logging & Notification • Database Location & Access • Service Location & Access • Encryption

  4. Advice for Developers... • Don't hard code IP addresses, use DNS names • Assume your app will be running in a web farm • Assume you'll be sharing resources with other web apps • Assume your app will be restarted on a regular basis • Minimize your web.config complexity

  5. IIS/ASP.NET Best Practices Shawn Travers IT Pro Evangelist Microsoft Corporation http://blogs.technet.com/shawnt

  6. IIS7 Modularity

  7. Default Install: Static Content only

  8. ASP.NET Install

  9. IIS7 Security • Architecture changes • Componentization • Componentization reduces attack surface and allows for server “hardening” according to business needs • Built-in accounts and groups • SID injections for IIS_IUSRS group and worker process to help with site migration without security compromise • Application Pool Isolation by default • New security management features for IT Pros • Request Filtering rules • URL Authorization rules • Secure remote management via HTTPS • Allow fine-grained control over feature delegation to non-web server administrators

  10. XML Config Files Replace Metabase IIS 7.0 IIS 6.0, 5.0, 4.0, 3.0 IIS_schema.xml metabase.xml machine.config applicationHost.config web.config • Difficult to manage • Difficult to replicate • Machine-level depository • Requires direct server access • Decentralized • Text based • Scriptable • Extensible • Understandable • Easy to deploy • Easy to delegate

  11. Hierarchyof Configuration Files .NET Framework settings Main IIS 7.0 settings machine.config ASP.NET settings applicationHost.config root web.config web.config web.config web.config Applications Sites Virtual Directories

  12. Deploying Datacenters and Hosts • Minimum Install by Default • XCopy Deployment • Built-in User Accounts • Shared Hosting

  13. Installing Modules Using Modules Selecting Modules IIS 7.0 Modules Overview • Install a module on the server (native modules only) • Enable the module in an application • Manually edit the configuration store • Use IIS Manager or appcmd.exe • Use only the modules you need • Replace core server modules with custom modules

  14. IIS 7.0 Architecture Changes

  15. Web Server Network Traffic

  16. Tuning the Network for IIS

  17. Performance Tuning Best Practices

  18. ASP.NET Tips and Tricks

  19. Remote Storage and Performance

  20. Monitoring Performance Automatic Failed Request Tracing Reliability and PerformanceMonitor NetworkMonitor Tracing Log File

  21. IIS7 Performance Improvements • Microsoft.com sees a 10% performance improvement overall • More powerful compression • For static and dynamic content • Default Document optimization • Output Caching • Per URL, query string and/or request headers • APIs for putting responses in the output cache • Kernel mode SSL and Windows authentication • Performance improvements • Improved Scalability • Host thousands of sites for multi-tenancy scenarios • FastCGI • Great way to run PHP on IIS

  22. Performance Best Practices • Enable Output Caching for semi-dynamic pages • Low bandwidth Branch Offices? • Enable Dynamic Compression (~ 5% CPU overhead) • Need to run many web apps on a single box? • Run IIS worker processes in Wow64 mode • Room for the OS, scalability for your web apps • It’s an per-AppPool setting now: Enable32BitAppOnWow64 • Thinking about buying new Web Server hardware? • W2K8 scales extremely well on new multi-proc boxes (4 and 8 core) • ASP.NET op caching vs. IIS op caching vs. KM output caching

  23. Performance Best Practices • 1000s of requests per second? • Remove modules you don’t need • You don’t know why some pages are so slow? • Turn on Failed Request Tracing and the “time-taken” feature to investigate • You * script-mapped all requests to ASP.NET in IIS6? • Integrated Pipeline is much faster than an IIS6 * scriptmap solution • Try together with IIS7 URL Authorization.

  24. Performance Best Practices • PHP applications? • PHP on top of FastCGI is much faster than traditional CGI • The majority of your requests go to your Default Document? • Put it on top of the list • Otherwise IIS7 has to check every time • Static default documents will be cached in kernel-mode • Looking for tools to measures web server performance? • Try WCAT 6.3 from www.iis.net/downloads

  25. IIS Summary • Better compression for static and dynamic content, as well as output caching • Kernel-mode improvements • Security by default with application isolation and built-in accounts and groups • Best practices for IT pros like putting default documents at the top of the list • Improved scalability for multi-tenancy scenarios (high site density) • Improved support for application frameworks like PHP and Python with FastCGI

  26. TechNet Plus TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning. Evaluate & Learn Plan & Deploy Support & Maintain • 2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents) • Access over 100 managed newsgroups and get next business day response--guaranteed • Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities • Evaluate full versions of all Microsoft commercial software for evaluation—without time limits. This includes all client, server and Office applications. • Try out all the latest betas before public release • Keep your skills current with select Microsoft E-Learning courses free each quarter • Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training • Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager • Stay informed with your free subscription to TechNet Magazine. Get all these resources and more with a TechNet Plus subscription. For more information visit: technet.microsoft.com/subscriptions CODE: TMSAM12

More Related