Microsoft IIS7 for IT Professionals
Marcel Trümpy, Platform Technology Advisor, Microsoft Switzerland
marcel.truempy@microsoft.com
http://blogs.technet.com/chitpro-de

Windows Server 2008 – for the Web
• Large focus on Web Workload in the enterprise and hosting world
• Web 2.0, SaaS, SOA
• New version of Windows Web Server 2008
• Redesigned IIS7 Web Server
• Deep integration with ASP.NET
• Interoperability with non-Microsoft languages
• IIS on Windows Server Core

Windows Web Server 2008: Rebuilt
• Windows Web Server 2008 is built for Internet Web serving
• Increased hardware limits:
  • 4 processors and 4GB of RAM (32 GB on x64 version)
• Removed features unnecessary for web serving
• Web (IIS) is only default role (two others possible):
  • Windows SharePoint Services, Windows Media Services (download and install)
• Benefits
  • Small footprint, Lower Cost
  • Supports More Web Application Scenarios
  • SQL Server allowed for local Web applications
  • Full use rights for IIS, ASP.NET and .NET FX 3.0

IIS 6 facts: A Proven Platform
• Proven Scalability
  • MySpace - 23 Billion Page* Views/Month
  • Microsoft.com - 10k Req/sec & 300K Concurrent Connections
  • Match.com - 30 million page views daily
• Proven Security
  • No critical IIS 6 hotfixes since RTM
• Proven Trust
  • 54% of Fortune 1000 use IIS (port80software.com)
A solid foundation to build on.

IIS 6: No Critical fixes since RTM*
*As of 4/4/07

What You Have Taught Us
IIS 6.0 customer feedback revealed:
• Site density on shared servers is too low
• Configuration corruption and replication issues
• Too few options for site owner administration
• Site/server failures too difficult or too long to troubleshoot
• Not enough flexibility for customization
• Current support for PHP apps is inadequate

IIS7: Major Changes
• New Modular Architecture and Request Pipeline
• Redesigned Configuration System
• New UI and Suite of Management Tools
• Deep ASP.NET Integration
• Detailed Tracing and Troubleshooting Tools
• Delegated Remote Administration
• Granular Feature Delegation
• Shared Configuration for Web farms
• FastCGI Module for PHP Hosting

IIS6 Architecture - Request Processing
• Monolithic implementation: install all or nothing…
• Extend server functionality only through ISAPI…
[Diagram labels: Authentication (NTLM, Basic, Anon, …); Determine Handler (CGI, Static File, ASP.NET, ISAPI, PHP, …); Send Response (Log, Compress)]

IIS7 Architecture - Request Processing
• Server functionality is split into ~ 40 modules...
• Modules plug into a generic request pipeline…
• Modules extend server functionality through a public module API.
[Diagram labels: pipeline stages Authentication, Authorization, ResolveCache, ExecuteHandler, UpdateCache, SendResponse; modules NTLM, Basic, Anon, CGI, Static File, ISAPI, Log, Compress, …]

Many, Many Modules
Install, manage, and patch only the modules you use…
• Reduces attack surface (10 modules installed by default)
• Reduces in-memory footprint
• Provides fine grained control
• Replace server modules provided by Microsoft with your own custom components, or add new components from IIS.NET
• BEWARE of how to take them off! Server Manager & OCSetup vs. IIS Manager

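
To check which modules a server actually carries, the script below (an added example, not part of the original slides) compares the native modules registered in applicationHost.config against a baseline. The config fragment is constructed sample data, and the baseline list and the function name Get-ModuleAudit are hypothetical; it assumes PowerShell 3.0 or later.

```powershell
# Constructed fragment of applicationHost.config (sample data, not from the slides).
[xml]$cfg = @'
<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\authanon.dll" />
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
      <add name="CgiModule" image="%windir%\System32\inetsrv\cgi.dll" />
      <add name="IsapiModule" image="%windir%\System32\inetsrv\isapi.dll" />
    </globalModules>
  </system.webServer>
  <location path="" overrideMode="Allow">
    <system.webServer>
      <modules>
        <add name="StaticFileModule" />
        <add name="AnonymousAuthenticationModule" />
        <add name="HttpLoggingModule" />
        <add name="CgiModule" />
      </modules>
    </system.webServer>
  </location>
</configuration>
'@
# Hypothetical baseline: the modules a static-content workload needs.
$baseline = 'StaticFileModule', 'AnonymousAuthenticationModule', 'HttpLoggingModule'

function Get-ModuleAudit([xml]$Config, [string[]]$Baseline) {
    # Server-level <modules> list; it may sit directly under <configuration>
    # or inside a <location path=""> block, so both places are checked.
    $xpath = '/configuration/system.webServer/modules/add | ' +
             '/configuration/location[@path=""]/system.webServer/modules/add'
    $enabled = @($Config.SelectNodes($xpath) | ForEach-Object { $_.GetAttribute('name') })
    foreach ($m in $Config.SelectNodes('/configuration/system.webServer/globalModules/add')) {
        $name = $m.GetAttribute('name')
        [pscustomobject]@{
            Module     = $name
            Image      = $m.GetAttribute('image')
            Enabled    = $enabled -contains $name    # listed in <modules>
            InBaseline = $Baseline -contains $name   # expected for this workload
        }
    }
}

# Modules outside the baseline are candidates for removal.
Get-ModuleAudit $cfg $baseline | Where-Object { -not $_.InBaseline } | Format-Table -AutoSize
```

The Enabled column separates modules that are only registered in `<globalModules>` from those also switched on in `<modules>`.
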
Under the Hood: IIS7 Components Not on Server Core

IIS on Server Core Scenarios
IIS Server Core installation
• Classic ASP Web Server
• PHP Web Server
• CGI and ISAPI Web Server
• Static file Web Server (images, Office documents, etc.)
• Lean, efficient footprint
• Minimal surface of attack and maintenance
• Headless (remote) management

IIS Support on Server Core
• Ultimate low footprint web server
• Lower memory requirement
• Lean OS configuration
• Minimize attack and maintenance surface
• Seamless integration with IIS7’s new componentized architecture
• Powerful IIS command-line management interface
• “Reusable” WMI and AppCmd scripts and batch files

Getting Started with IIS on Server Core
[Diagram labels: OCList, OCSetup, PKGMGR, AppCmd, MWA, WMI]

Best Practices: Deployment
• Installing IIS 7.0 features
  • OCList for dependencies
  • OCSetup to install components + dependencies
• Enable remote access and configuration

start /wait ocsetup IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel;IIS-WebServer
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
winrm set winrm/config/client @{TrustedHosts="iiscoredemo"}

Config System – Redesigned, Portable
• No more metabase.bin or metabase.xml files!
• Configure IIS and ASP.NET properties in the same file
• Built for simple, schema-based extensibility
• Machine Independent
• Can be shared across multiple machines
[Diagram labels: Metabase; .Config XML]

Server and Site Config Files
Server
• ApplicationHost.config
• Administration.config
• Server Wide Settings
• Global Feature Delegation
• IIS Manager Users
[Diagram labels: Individual Site Changes (Sites); Server Changes (“Global”)]

Configuration System: .NET + IIS7
[Diagram labels: .NET Framework: Machine.config (.NET global settings), Global web.config (ASP.NET global settings), Web.config (<system.web> .NET settings; <system.webServer> IIS7 delegated settings). IIS 7 Server: Applicationhost.config (global settings and location tags)]

IIS 7.0 Management
[Diagram labels: PowerShell; appcmd.exe; XML config files]

Management / Admin Tools demo
• IIS Manager
• Notepad
• Windows PowerShell
• Appcmd

IIS 6.0 Remote Administration
• DCOM only, not a firewall-friendly protocol
• No way to delegate control of sites or applications
• Windows administrators only
[Diagram labels: XML MetaBase; Developers, Site Owners, Application Owners, Administrator]

IIS7 Remote Administration
• Administrators can manage entire Web server
  • Almost the same as sitting at the box
• Managing sites and applications
  • Admins and non-admins
  • Windows users and IIS manager users
• Control of site and application settings
  • Administrator decides what non-admins can view/change (feature delegation)
• HTTPS based
  • Secure firewall-friendly protocol
[Diagram labels: IIS7; Internet; XML applicationHost.config; XML web.config; Developers, Site Owners, Application Owners, Administrator]

Delegating Permissions
[Diagram labels: wwwroot; App1; App2]

Feature Delegation
• Administrator decides which features non-admins can control
• Site owners control delegated settings
  • No elevated privileges required!
• Delegated settings are in web.config
  • Site or nested at application level
  • Shares web.config with ASP.NET configuration
  • Xcopy deploy configuration and content
  • Take precautions to protect against overwrites
[Screenshot legend: Delegated; Not delegated; Hidden and not delegated]

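
To see which settings site owners can change through web.config, the script below (an added example, not part of the original slides) reads the delegation state from applicationHost.config: the `overrideModeDefault` of each declared section plus any `<location overrideMode="...">` overrides. The sample config is constructed, the function names are hypothetical, and the model is simplified (it ignores `allowDefinition` and attribute-level locks); it assumes PowerShell 3.0 or later.

```powershell
# Constructed sample of applicationHost.config (illustrative, not from the slides).
[xml]$cfg = @'
<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <section name="defaultDocument" overrideModeDefault="Allow" />
      <section name="directoryBrowse" />
      <section name="handlers" overrideModeDefault="Deny" />
      <sectionGroup name="security">
        <section name="access" overrideModeDefault="Deny" />
      </sectionGroup>
    </sectionGroup>
  </configSections>
  <location path="Default Web Site/App1" overrideMode="Allow">
    <system.webServer><handlers /></system.webServer>
  </location>
</configuration>
'@

# Walk <configSections> and emit each section's server-wide delegation default.
function Get-SectionDefault($Node, $Prefix) {
    foreach ($child in $Node.SelectNodes('sectionGroup | section')) {
        $path = (@($Prefix, $child.GetAttribute('name')) | Where-Object { $_ }) -join '/'
        if ($child.LocalName -eq 'sectionGroup') { Get-SectionDefault $child $path; continue }
        $mode = $child.GetAttribute('overrideModeDefault')
        if (-not $mode) { $mode = 'Allow' }   # an absent attribute means Allow
        [pscustomobject]@{ Scope = '(server default)'; Section = $path; Mode = $mode }
    }
}

# Report sections that a <location overrideMode="..."> tag locks or unlocks per path.
function Get-LocationOverride([xml]$Config, $Defaults) {
    foreach ($loc in $Config.SelectNodes('/configuration/location[@overrideMode]')) {
        foreach ($d in $Defaults) {
            if ($loc.SelectSingleNode($d.Section)) {
                [pscustomobject]@{ Scope = $loc.GetAttribute('path'); Section = $d.Section
                                   Mode = $loc.GetAttribute('overrideMode') }
            }
        }
    }
}

$defaults  = @(Get-SectionDefault $cfg.SelectSingleNode('/configuration/configSections') '')
$overrides = @(Get-LocationOverride $cfg $defaults)
# Under this simplified model, these sections are writable from web.config.
$defaults + $overrides | Where-Object { $_.Mode -eq 'Allow' } | Format-Table -AutoSize
```
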
Web Publishing in IIS Overview
• Microsoft ships the following for Windows Server 2008:
  • A brand-new, feature-rich FTP service
  • An updated, feature-compatible version of FPSE
  • A redesigned WebDAV implementation
• All are available as free downloads:
  • http://www.iis.net

FTP 7; Integration with IIS 7.0 Configuration
• Current Scenario: IIS administrators needed to create two sites in the past.
• Cause: HTTP and FTP sites stored their settings separately.
• Solution: FTP 7 integrates with the IIS 7.0 configuration system.

FTP 7; Hosting Improvements: Virtual Hosts
• Current Scenario: Hosting multiple FTP sites requires unique IP addresses.
• Cause: FTP protocol architecture lacks the flexibility of HTTP’s host headers.
• Solution: FTP 7 introduces “virtual host” support.

FTP 7; Hosting Improvements: User Isolation
• Current Scenario: FTP user isolation in IIS 6 required physical directories.
• Cause: FTP user isolation infrastructure could not support virtual directories.
• Solution: FTP 7 user isolation allows both virtual and physical directories.

FTP 7; Hosting Improvements: Disk Quotas
• Current Scenario: Server administrators have no way to limit disk usage for FTP sites.
• Cause: FTP does not support quotas.
• Solution: FTP 7 integrates with File Server Resource Manager directory quotas in Windows Server 2008.

FTP with IIS7 demo

IIS.NET: Home for IIS Community!
• In-depth technical articles and samples
• Connect with other IIS experts on blogs & forums
• Free advice and assistance in forums
• Download centre with IIS solutions

Non-Microsoft Publications
These books can be found at all major book stores and online retailers

Training Resources
For training information and availability: www.microsoft.com/learning

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.