IIS 7: The Administrator’s Guide
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

IIS 7: The Administrator’s Guide

on

  • 16,905 views

 

Statistics

Views

Total Views
16,905
Views on SlideShare
16,804
Embed Views
101

Actions

Likes
3
Downloads
475
Comments
1

2 Embeds 101

http://k-portal 78
http://www.slideshare.net 23

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • thanks a lot
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • 05/14/10 14:23 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • 05/14/10 14:23 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • Themes of IIS7 was merger with ASP.NET
  • 05/14/10 14:23 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • 05/14/10 14:23 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • 05/14/10 14:23 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • IIS.net slide
  • Upcoming sessions slide
  • 05/14/10 14:23 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • 05/14/10 14:23 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

IIS 7: The Administrator’s Guide Presentation Transcript

  • 1. IIS 7: The Administrator’s Guide Alexis Eller Program Manager Microsoft Corporation
  • 2. Scripting… WMI C#, VB.NET… Microsoft.Web.Administration Command Line… appcmd Server Modules ASP.NET on IIS7 Centralization Detailed Errors Failed Request Tracing IIS Manager Deploy... Manage... Troubleshoot...
  • 3. IIS6 Request Processing Send Response Log Compress NTLM Basic Determine Handler CGI Static File Authentication Anon Monolithic implementation Install all or nothing … Extend server functionality only through ISAPI … ASP.NET PHP ISAPI … … Deploy...
  • 4. IIS7 Request Processing Send Response Log Compress NTLM Basic Determine Handler CGI Static File ISAPI Authentication Anon SendResponse Authentication Authorization ResolveCache ExecuteHandler UpdateCache … … Server functionality is split into ~ 40 modules ... Modules plug into a generic request pipeline… Modules extend server functionality through a public module API. … … Deploy...
  • 5. Many, Many Modules
    • Install, manage, and patch only the modules you use…
    • Reduces attack surface
    • Reduces in-memory footprint
    • Provides fine grained control
    • … replace core server components with custom components …
    Deploy...
  • 6. Installing IIS7 Deploy...
  • 7.
    • Consistently install the same set of modules …
    • Avoid:
      • 503 “Service Unavailable”
      • [module is enabled but not installed]
      • Application doesn’t work as expected
      • [web.config references a module that isn’t installed]
      • [unexpected module conflicts with custom module]
    TIP Deploy...
  • 8. IIS6 ASP.NET Integration
    • Runtime limitations
    • Only sees ASP.NET requests
    • Feature duplication
    Send Response Log Compress NTLM Basic Determine Handler CGI Static File ISAPI Authentication Anon … … Deploy... Authentication Forms Windows Map Handler ASPX Trace … … … aspnet_isapi.dll
  • 9. IIS7 ASP.NET Integration
    • Two Modes
      • Classic (runs as ISAPI)
      • Integrated
    • Integrated Mode
      • .NET modules / handlers plug directly into pipeline
      • Process all requests
      • Full runtime fidelity
    Log Compress Basic Static File ISAPI Anon SendResponse Authentication Authorization ResolveCache ExecuteHandler UpdateCache … … Authentication Forms Windows Map Handler ASPX Trace … … … aspnet_isapi.dll Deploy...
  • 10. Migrating to Integrated ASP.NET Deploy...
  • 11. Replicate Content and Config
    • Main IIS configuration file (applicationHost.config)
      • Built-in “IUSR” account, no more machine specific SID’s
      • Simple file copy , no command line tools required
      • … watch for machine specific data like IP’s and drive letters
    • IIS config  web.config, XCOPY with application
    Deploy...
  • 12. Centralize Content and Config
    • IIS config  web.config, centralize on file server
    • File System:
      • Client Side Caching (CSC)
        • provides a local disk cache
      • Distributed File System Replication (DFSR)
        • abstracts multiple file servers to one share name
        • provides content replication
    Deploy...
  • 13. Configuration moves to .config files…
    • Configure IIS and ASP.NET properties in the same file
    • Use locking to provide delegation
    • Built for simple, schema-based extensibility
    • … welcome to a world of xcopy deployment …
    Manage...
  • 14. Configuration Layout root configuration files machine.config root web.config applicationHost.config web.config .NET Framework ASP.NET IIS IIS + ASP.NET + .NET Framework web.config files WindowsMicrosoft.NETFrameworkv2.0.50727configweb.config Windowssystem32inetsrvapplicationHost.config WindowsMicrosoft.NETFrameworkv2.0.50727configmachine.config Inheritance… Manage...
  • 15. Configuration Delegation
    • Delegation is:
      • Configuration locking, “overrideMode”
      • ACL’s on configuration files
    • By default…
      • All IIS sections locked except:
        • Default Document
        • Directory Browsing
        • HTTP Header
        • HTTP Redirects
      • All .NET Framework / ASP.NET sections are unlocked
    Manage...
  • 16.
    • Determine your configuration lockdown policy…
      • Be conservative at first
      • Unlock as necessary (locking later could break apps)
    TIP Manage...
  • 17. Compatibility: ABO Mapper
    • Provides compatibility for:
      • scripts
      • command line tools
      • native calls into ABO
    • Not installed by default
    • Can only do what IIS6 could do…
      • Can’t read/write new IIS properties
        • Application Pools: managedPipelineMode, managedRuntimeVersion
        • Request Filtering
        • Failed Request Tracing
      • Can’t read/write ASP.NET properties
      • Can’t read/write web.config files
      • Can’t access new runtime data, e.g. worker processes, executing requests
    applicationHost.config IISADMIN ABOMapper IIS6 ADSI Script Manage...
  • 18. Management Tools
    • Manage IIS and ASP.NET
    • View enhanced runtime data
      • worker processes, appdomains, executing requests
    • Manage delegation
    • Use whichever management tool suits your needs…
    GUI Command Line Script Managed Code IIS Manager appcmd WMI (rootWebAdministration) Microsoft.Web.Administration Manage...
  • 19. IIS Manager
    • Remotes over HTTP, making it firewall friendly
      • (remoting is not installed by default)
    • Provides managed extensibility
    • Supports non-admin management of sites and applications
    Manage...
  • 20.
    • Educate end users who publish their application and use IIS Manager configure it…
    • Scenario:
      • User publishes application
      • User changes app’s web.config using IIS Manager
      • User copies updated web.config to his local version of the application
      • Several days later, user re-publishes application
      • ** modifications make to the app’s web.config using IIS Manager have just been blown away**
    TIP Manage...
  • 21. Appcmd – Listing and Filtering C:> appcmd list sites SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started) SITE "Site1" (id:2,bindings:http/*:81:,state:Started) SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped) C:> appcmd list requests REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost) C:> appcmd list requests /apppool.name:DefaultAppPool C:> appcmd list requests /wp.name:3567 C:> appcmd list requests /site.id:1 C:> C:> Filter results by application pool, worker process, or site C:> Manage...
  • 22. appcmd Manage...
  • 23. Scripting: IIS6 WMI Provider Set oIIS = GetObject("winmgmts:rootMicrosoftIISv2") ' Create binding for new site Set oBinding = oIIS.Get("ServerBinding").SpawnInstance_ oBinding.IP = "" oBinding.Port = "80" oBinding.Hostname = "www.site.com" ' Create site and extract site name from return value Set oService = oIIS.Get("IIsWebService.Name='W3SVC'") strSiteName = oService. CreateNewSite ("NewSite", array (oBinding), "C:inetpubwwwroot") Set objPath = CreateObject("WbemScripting.SWbemObjectPath") objPath.Path = strSiteName strSitePath = objPath.Keys.Item("") Set oSite = oIIS.Get("IIsWebServer.Name='" & strSitePath & "'") oSite.Start ' Create the vdir for our application Set oVDirSetting = oIIS.Get("IIsWebVirtualDirSetting"). SpawnInstance_ oVDirSetting.Name = strSitePath & "/ROOT/bar" oVDirSetting.Path = "C:inetpubar" oVDirSetting.Put_ ' Make the VDir an application Set oVDir = oIIS.Get("IIsWebVirtualDir.Name='" & strSitePath & "/ROOT/bar'") oVDir. AppCreate2 1 Create Site Create Virtual Directory Create Application NOT CONSISTENT Manage...
  • 24. Scripting: new WMI Provider Set oService = GetObject("winmgmts:rootWebAdministration") ' Create binding for site Set oBinding = oService.Get("BindingElement").SpawnInstance_ oBinding.BindingInformation = "*:80:www.site.com" oBinding.Protocol = "http" ' Create site oService.Get("Site").Create _ "NewSite", array (oBinding), "C:inetpubwwwroot" ' Create application oService.Get("Application").Create _ "/foo", "NewSite", "C:inetpubwwwrootfoo" Static Create methods CONSISTENT Manage...
  • 25. WMI – Unloading AppDomains …through script …through PowerShell Manage...
  • 26. Coding: Microsoft.Web.Administration ServerManager iisManager =  new  ServerManager(); foreach (WorkerProcess w3wp  in   iisManager.WorkerProcesses ) {     Console.WriteLine("W3WP ({0})", w3wp.ProcessId);                   foreach (Request request  in   w3wp.GetRequests (0)) {         Console.WriteLine("{0} - {1},{2},{3}",                     request.Url,                     request.ClientIPAddr,                     request.TimeElapsed,                     request.TimeInState);     } } Manage...
  • 27. New Troubleshooting Features
    • Detailed custom errors, just like ASP.NET
    • Failed Request Tracing
      • No more ETW tracing and waiting for a repro…
    • New runtime data:
      • worker processes
      • appdomains
      • currently executing requests
    Troubleshoot...
  • 28. Failed Request Tracing
    • No-repro tracing for “failed requests”
    • Configure custom failure definitions per URL
      • Time taken
      • Status/substatus codes
      • Error level
    • Persist failure log files
    • Will it tell me what’s wrong?
      • Sometimes… for example, ACL issues
      • Look for clues
    • Can use for all requests to see what’s going on
    Troubleshoot...
  • 29. Failed Request Tracing Troubleshoot...
  • 30. Summary
    • Troubleshoot…
      • Use: Detailed Errors, Failed Request Tracing, Currently Executing requests
    • Manage…
      • Manage IIS and ASP.NET through the same tools
      • Use ABO Mapper compatibility (not installed by default)
      • Determine configuration lockdown policy
    • Deploy…
      • ~ 40 modules, install only what you need
      • Migrate to ASP.NET Integrated Mode
      • Easier centralization/replication
  • 31. [email_address]
  • 32.
    • TechCenter to easily find the info you need
    • Advice and assistance in Forums
    • Insider info on new technology (IIS7!)
      • Online labs, play with IIS7 in your browser
    New home for IIS Community!
  • 33. Some upcoming IIS sessions… Today 3:15 – 4:30 Chalktalk: Configuration Management of Web Platform Tomorrow 8:30 – 9:45 IIS 7: Under the Hood for Web Request Tracing 10:15 – 11:30 Chalktalk: Using Managed Code to Administer IIS 7 1:00 – 2:15 Chalktalk: Introducing the New and Improved IIS Manager in IIS 7 2:45 – 4:00 IIS 6: Effective Management of Web Farms 4:30 – 5:45 IIS 6: Everything the Web Administrator Needs to Know about MOM Wednesday 8:30 – 9:45 Chalktalk: Extending the IIS Manager Tool in IIS 7 2:00 – 3:15 Chalktalk: IIS 6.0 Security: Setting the Record Straight 4:45 – 5:00 Chalktalk: IIS and Microsoft.com Operations: Migrating IIS 6.0 to 64 bit 5:30 – 6:45 Chalktalk: IIS 7 Q&A
  • 34. Fill out a session evaluation on CommNet and Win an XBOX 360!
  • 35. © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • 36. Additional Information
  • 37. Installation Options Server Manager Package Manager Server Manager
    • Lots of components
    • Static server by default
    • [client] Use Windows
    • Features
    Package Manager
    • Replaces sysocmgr
    Unattend
    • File format is
    • completely different
    • [client] Pick components,
    • cannot set configuration
    Deploy...
  • 38. Install, Migration, Upgrade
    • Install log: WindowsIIS7.log
    • Uninstall
      • Stop services to avoid a reboot
      • Deletes configuration files, backup before uninstall
    • Migration: none for Vista, LH Server TBD…
    • Upgrade
      • All web and/or FTP components are installed, uninstall unnecessary components afterwards…
      • Application pools will be ISAPI mode, configured for no managed code => all ASP.NET requests will fail
    Deploy...
  • 39. ASP.NET: Migration
    • Application Pools
      • ASP.NET Integrated mode by default
      • Configure to load a specific version of the .NET Framework
    • Integrated Mode
      • Different server environment for some pipeline notifications
        • e.g. request is not authenticated for BeginRequest
      • Handler and module configuration integrated with IIS
        • system.webServer/handlers, system.webServer/modules
      • Validation warns on httpHandlers, httpModules, or identity config
      • Remove “managedHandler” precondition on an ASP.NET module to have it execute for all content
    • ISAPI Mode
      • Can’t configure HTTP handlers and modules from the UI
    Deploy...
  • 40. Replicating applicationHost.config
    • Will cause all application pools to recycle:
      • changes to default settings for all application pools
      • changes to the <globalModules> list
    • Will cause one application pool to recycle:
      • application pool settings
    • Use only RSA machine-encryption (default), replicate RSA machine key
      • http://msdn2.microsoft.com/en-us/library/yxw286t2(VS.80).aspx
    • Gotcha's:
      • Machine specific data, like IP addresses or drive letters
      • Servers must have same set of modules installed (reference to non-existent module in <globalModules> causes 503's)
    Deploy...
  • 41. Configuration Delegation
    • Two kinds of configuration locking:
      • overrideMode (similar to &quot;allowOverride&quot;)
      • granular locking, e.g. lockItem, lockElements
    • By default…
      • All IIS sections locked (overrideMode=“Deny”) except:
        • Default Document, Directory Browsing, HTTP Header, HTTP Redirects, Validation
      • All .NET Framework / ASP.NET sections are unlocked
    • Determine your configuration lockdown policy
      • be conservative at first
      • unlock as necessary (locking later could break apps)
    Manage...
  • 42. Configuration Schema
    • Use the schema file to see all config settings:
    • %windir%system32inetsrvconfigschemaIIS_schema.xml
    • Schema describes:
      • property types
      • default values
      • validation
      • encrypted by default?
    • note: config is case sensitive
    Manage...
  • 43. Appcmd – Viewing Config Schema C:> appcmd list config /section:? | findstr system.webServer system.webServer/globalModules system.webServer/serverSideInclude system.webServer/httpTracing ... C:> appcmd list config /section:directoryBrowse <system.webServer>   <directoryBrowse enabled=&quot;true&quot; /> </system.webServer> C:> appcmd list config /section:directoryBrowse /config:* <system.webServer>   <directoryBrowse enabled=&quot;true&quot; showFlags=&quot;Extension, Size, Time, Date&quot; /> </system.webServer> C:> appcmd list config /section:directoryBrowse /text:* CONFIG   CONFIG.SECTION: system.webServer/directoryBrowse   path: MACHINE/WEBROOT/APPHOST   overrideMode: Inherit   [system.webServer/directoryBrowse]     enabled:&quot;true&quot;     showFlags:&quot;Extension, Size, Time, Date&quot; C:> C:> IIS sections – also try “system.web” and “system.applicationHost” C:> C:> Shows attributes that aren’t set explicitly Manage...
  • 44. Coding: Microsoft.Web.Administration
    • First managed code API for administering IIS
      • Same objects and functionality as WMI, appcmd
    • What about System.Configuration?
      • System.Configuration:
        • Strongly typed ASP.NET and .NET Framework config
      • Microsoft.Web.Administration:
        • Weakly typed IIS, ASP.NET, and .NET Framework config
        • Strongly typed IIS objects like Sites and Application Pools
    Manage...