IIS 6 and You!

Presented by
Harold Chattaway
Software Engineer
www.softwarelifecycle.com
The slides are at
www.softwarelifecycle.com/downloads/iis6.ppt
 Background
 Author of “WebRad: Building database applications for the
web with Visual FoxPro.”
 3 time speaker for MS at DevDays in Boston
 Speaker at Client/Server World in Boston
 2 time speaker at Great Lakes Database Conference
 Frequent UG speaker (VB, VFP, .NET).
 Developer/architect of www.Bugcentral.com A fully hosted
defect tracking service.
 Developer/architect of www.softwarelifecycle.com. An
integrated suite of software development tools.
 Outline
 What’s new in IIS 6?
 How to install?
• New Install
• Upgrade (walkthrough of actual upgrade)
 Administration Methods
 Creating/Configuration of web sites
 Securing IIS
 Various Flavors
 Win 2003 Standard Edition: Includes IIS6, supports 4 way
SMP and 4 Gb of memory
 Enterprise Edition: 8 way SMP and up to 32 Gigs of
memory
 DataCenter Edition: Only from OEM for high end critical
systems with advanced clustering support.
 Web Edition: Meant just for web servers. Intended for rack
mountable “blade” servers. Lacks Internet Connection
Sharing, Services for Mac. Is not a domain controller, no
clustering. Supports 2 way SMP and 2 gb of memory. Very
lightweight.
 New Features
 HTTP “listener” is now part of OS Kernel. Hands off requests to
separate worker processes. Greatly increase performance and
reliability.
 “Application Pools” that can house a single or multiple web sites.
Individually configurable properties.
 Large memory support for caching up to 64 Gigs of data.
 Not installed with Windows 2003. Must be installed separately.
 When installed, completely locked down. Every scriptmap needs to
be added.
 New metabase in XML format. Can be edited while IIS is running.
 HTTP.SYS
 Kernel Mode process that listens for and routes HTTP requests to
the proper applications.
 Is now part of TCP/IP stack in Windows.
 Handles returning cached versions of pages. No need to go to
application level and switch from kernel mode to user mode.
 Can still queue requests even if the application handling requests
has crashed.
 Handles TCP connections, logging services, bandwidth throttling,
connection limits, and timeouts.
 This works with Web Administration Service (WAS) to manage
requests…
 Web Administration Service
 At startup, retrieves websites from metabase and creates routing
table for HTTP.SYS. Creates one entry for each application pool.
 Handles the health of the application pools by starting, stopping
and recycling processes.
 It can “ping” the site and if not responding, it can terminate and
start a new process to take its place.
 Application Pools
 Is given its own request queue
from the HTTP.SYS listener.
 Contains one or more worker
processes (w3wp.exe)
 If an application needs to be
completely isolated from others,
give it it’s own pool.
 “Demand Start” will only start an
application when the first request
is received. Saving memory and
resources.
 “Idle Timeout” shuts down a
process when idle for X number of
minutes. Again saving resources.
 “Recycling” can be used to
periodically restart a pool. Can
use elapsed time, time of day or
# of hits
 Upgrading
 Upgraded Windows 2k Server to
Win 2k3 Enterprise Server.
 Took 43 minutes, very painless.
 Ran Windows Update, 6 critical
updates.
 Take IIS 6 out of IIS Isolation
Mode. (Website property sheet,
Service Tab)
 Removed URLSCAN. Really not
needed with IIS 6.
 Use Web Extension Service (WSE)
to allow only ASP.NET app
extensions. From IIS 5, it allows
all.

All extensions
have to be
explicitly
allowed.
 Configuring
 IIS Is NOT installed as part of the main OS install.

Making the server an

“Application Server”,
installs IIS 6.
 Administering
•MMC can be used over LAN or WAN to administer
machine.
•Server 2003 Admin Tools Pack. Can’t be used on Win
2k but can be used on XP Pro with Service Pack 1. Can
also be installed on a Win 2003 member server.
•Remote Desktop Connection. Requires Terminal
Services be installed on target machine.
•Remote Desktop Web Connection: Can use IE 5 or
above to connect to server. When installed on server,
“tsweb” virtual directory is created. Point browser to this
and an ActiveX control is downloaded to allow access.
• or, you can turn on remote administration of the
machine after IIS has been installed.
•Installed by default with Web Edition, but not
others!
• Follow the links to the right to turn on…
•Start|Control Panel|Add remove Programs
•Windows Components|Application Server|Details
•IIS|Details
•World Wide Web Service|Details
•Remote Administration(HTML)|Check off
 Administering
 For LAN, MMC is good choice.
 For remote machines, Remote Desktop is really the best
choice. Gives console level access. Client is installed on
local machine.
 HTML Remote Administration is limited. Can’t do eveything.
 Remote Desktop Web Connection is OK, but might need to
download ActiveX control over connection first.
 Creating a Website

WUGTEST will
be routed to IP
Address
172.16.0.5

 Two ways of accessing on local machine…

1. http://localhost/WUGDEMO
2. http://WUGDEMO, let’s try this one!
• Edit the HOSTS file to include a reference to this
URL. Located at:
C:\WINDOWS\system32\drivers\etc\hosts
 Creating a Website
1. Create a new application pool in IIS Manager
(WUGDEMO)
2. Create a new directory under
inetpub\wwwroot\WUGDEMO
3. From IIS Manager, create new website.
4. Point it at IP in HOSTS file
5. Assign to the Application pool created above
6. Create default.aspx in directory
7. In browser, navigate to http://WUGDEMO
 Security

By assigning web sites to pools, each pool can be secured
separately. One will not spill into another.
 Three built-in identities:
• Network Service: Very few privileges.
• Local Service: Same as above can only access local resources
• Local System: Bad! Has too many privileges.
 Custom User: Here you can specify a custom user account.
It must be part of the IIS_WPG Group to be able to control
the pool! Best when connecting to a separate SQL Server
box . Both accounts need to be on both machines. No
passwords are stored anywhere in clear text.
 Check out your IIS logs!
 Unregistered MIME types are given a 404 error now. In IIS
5, they where downloaded.
 Command-Line Options
 VBS files are located in \windows\system32:
• Iisapp.vbs: Lists web applications
• Iisback.vbs : Backups/restores/lists/deletes IIS configs
• Iiscnfg.vbs: Exports/imports config files.
• Iisext.vbs:manages web extensions
• Iisftp.vbs: manages FTP sites
• Iisftpdr.vbs: Manages FTP virtual directories.
• Iisvdir.vbs: Manages web site virtual directories.
• Iisweb.vbs: creates/deletes/start/stops websites.

IP Address
Create website location Name
 Metabase
 Instead of binary file, its now a plain text XML file
 Automatic versioning of files. History files are kept in
\windows\system32\inetserv\history
 XML file is read into memory upon startup. Changes are first
made to memory version then flushed to disk.
 Metabase can be backed up and moved to another machine
 Iiscnfg /copy can be used to copy an entire metabase to another
machine. This removes machine specific info from the metabase.
Great for replicating servers in a server farm environment.
 Resources
 www.iisfaq.com
 http://www.microsoft.com/downloads/details.aspx?FamilyID=80a1b6e6-829e-49b7-8c02-3
: Link to IIS Resource kit book. Each chapter is a DOC file. Great resource.
 http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ad
: Resource kit.
 www.iisanswers.com
 www.port80software.com

Books

IIS 6 Administration by Mitch Tulloch ISBN:0-07-219485-5

 The End
 hchattaway@softwarelifecycle.com
 508-281-5404
 Slides will be at
www.softwarelifecycle.com/downloads/iis6.ppt