
IIS6

Web Services

Overview
Application Platform Features
Reliability Features
Manageability Features
Performance and Scalability Features
Security Features

Application Platform Features
Web Applications
The Application Server Role
Installing and Configuring the Application Server Role
Configuring and Managing Your Server
Adding and Removing Components

Web Applications
A Web Application is a collection of content accessed through hypertext protocols:
Static content Web site
CGI scripts
ASP pages
ActiveX/COM components
ASP.NET pages
.NET Web Services
Components of multi-tier applications

The Application Server Role

Combines specific interdependent functionality, termed the Web Application Server:
Microsoft Internet Information Services (IIS) 6.0
Active Server Pages (ASP)
ASP .NET
Component Object Model (COM+)
Microsoft Data Engine (MSDE)
Microsoft Message Queuing (MSMQ)

The Application Server Role

The Application Server Role, which includes IIS 6.0 and other components, is not installed by default in Windows Server 2003
Two interfaces:
Configure Your Server/Manage Your Server wizards
Add/Remove Programs, Add/Remove Windows Components

Configure Your Server and Manage Your Server

Web Application Server role can be added through Configure Your Server or Manage Your Server
Base components are automatically selected
Additional components are installed based on choices made in the wizard
After the role is added, it can be managed through Manage Your Server

Configure Your Server/Manage Your Server
Easy Web server setup
Configures only the services required for the application

Add/Remove Components
Allows for more granular component selection (and risk of incorrect component selection)

Reliability Features
Fault-tolerant Architecture
HTTP stack (HTTP.sys)
Application Pools
WWW Service
Worker Processes (W3WP.exe)

IIS 5.0 Isolation Mode
Health Monitoring
Process Recycling
Crash Detection and Rapid Fail Protection

Fault-tolerant Architecture: Issues
Web sites and applications may contain flawed code
Web server needs to be an active manager of applications:
Be fault tolerant (not crash on application failure)
Monitor the health of Web sites and applications
Actively recycle/restart processes
Continue to queue requests
Reliability without sacrificing performance

IIS 5.0
All requests run through a single process (Inetinfo.exe)
Out-of-process applications (dllhost.exe) were slow
Application failures could crash the server and other applications

Fault-tolerant Architecture: Solution
IIS 6.0 fault-tolerant process isolation architecture
Isolates applications from each other and from the Web server
Core components:
HTTP.sys: Kernel-mode component for HTTP listening, routing, queuing, and caching
Application pools: Group sites and applications for easy management of process isolation
WWW Service: Configuration and server management, process health monitoring
Worker processes (W3WP.exe): Isolate Web site and application processing

IIS 6.0 Fault-tolerant Architecture

[Diagram: request and response flow. Kernel mode: HTTP.sys receives the request and returns the response. User mode: the WWW Service, and two application pools, each with its own W3WP.exe worker process hosting a Web application.]

HTTP Stack (HTTP.sys)

HTTP stack with queuing and caching functions
Runs in kernel mode
Supports IPv4 and IPv6
Does not load or run any Web site or application code
Cannot be affected by application errors and failures
Routes requests to IIS application pools based on URL mapping
Text-based and binary logging

HTTP Stack (HTTP.sys): Kernel-Mode Queuing

HTTP.sys queues incoming HTTP requests
Each queue supports a set of sites/applications
Queue size can be set by the administrator
If an application fails:
HTTP.sys continues to accept and queue requests until the application is restarted or the server is shut down
Once the application restarts, the queue is processed until it is empty
Buffers the client application from application errors
Increases site and application availability

Application Pools
Defines a set of Web applications managed together
Separated by process boundaries
Served by one or more worker processes
Requests routed directly to the pool by HTTP.sys
Not affected by sites and applications in other pools
Application cannot be routed to another pool while being serviced by the current pool
Applications can be assigned to different pools while the server is running

Application Pools: Configuration
Easy to create and manage
Can configure up to 20,000 application pools per server

WWW Service
Roles:
Configures HTTP.sys
Manages worker processes
Application code runs in separate worker processes
No application code runs in the WWW Service
Requests do not route through the WWW Service
Ensures Web server reliability
Application errors cannot crash the Web server

WWW Service: Configuration
At IIS 6.0 startup:
Reads the metabase and initializes the HTTP.sys routing table
Creates one entry for each URL-to-application-pool mapping
Determines routing from request to worker process
As application pools and applications are added:
Configures HTTP.sys to accept new URL requests
Sets up the request queues for new application pools

WWW Service: Process Management
During IIS 6.0 operation the WWW Service monitors processes
Determines when to start a worker process
When to start additional worker processes
When a worker process has failed or blocked
When to recycle or restart a worker process
Requests continue to be queued and updated while an application is being recycled
Process recycling is invisible to the client application

Worker Processes
Responsible for handling Web requests for a set of sites and applications
Each application pool is served by one or more worker processes
Each worker process is self-contained
Receives requests directly from HTTP.sys
Contains Web request processing functionality
Loads ISAPIs: filters and extensions (ASP, ASP.NET, Microsoft FrontPage Server Extensions)
Delivers complete isolation from system components and other Web applications

Worker Processes: Configuration
Worker process can be started as:
Network Service (default)
Local System
Local Service
Configured ID

IIS 6.0 Fault-tolerant Architecture

[Diagram: INETINFO holds the metabase; the WWW Service contains the Process Manager and Config Manager. Application Pool 1 and Application Pool 2 run three W3WP.exe worker processes between them; a pool with more than one worker process is a Web Garden. Each W3WP.exe loads ISAPI Filters, ISAPI Extensions (ASP, etc.) and the ASP.NET ISAPI hosting CLR Application Domains. HTTP.sys sits underneath in kernel mode.]
Fault-tolerant Architecture:
Benefits
Dramatically increased reliability
No server reboots
Self healing on application failure
Increased scalability
Simplified server administration

IIS 5.0 Isolation Mode

Some applications may not work in the IIS 6.0 worker process isolation environment:
Multiple-instance
Session state persisted in-process
Applications written as read raw data filters
IIS 6.0 can switch to IIS 5.0 isolation mode
Everything in user mode operates as in IIS 5.0
IIS 5.0 methods of application isolation (low, medium [pooled], high)
Inetinfo.exe still the master process
HTTP.sys performance benefits:
Kernel-mode request queuing
Kernel-mode caching

Process Health Monitoring

Detects and recovers from thread deadlock
How does it work?
Configurable time limit
WWW Service pings each worker process
If (no response in time limit):
Default: Kill process, Publish event, Start new process
Or: Take a configured action => Orphaning
Other application pools keep running

[Diagram: the WWW Service in user mode pings the W3WP.exe worker process hosting the Web application; HTTP.sys in kernel mode keeps queuing requests.]

Process Health Monitoring: Debug Action
Allows for a custom action to be executed when a process fails to respond, for example:
Send e-mail to administrator
Attach debugger
Process dump
Process left running, though the WWW Service dropped its process handle

Crash Detection and Rapid Fail Protection
WWW Service detects process crash
On failure:
Publish event to event log
Check crash count
If (Crash count > Max Crashes in time limit)
Disable application pool
Else start new process on demand

Rapid Fail Protection
Only allow x crashes in y minutes
Return 503 errors when invoked
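The two WWW Service decisions above (health-monitoring pings, and crash detection with Rapid Fail Protection) as a constructed model, added here as an example; it is not IIS code, and the class, its method names and the x/y values used in the usage are this example's own assumptions.

```python
from collections import deque


class AppPoolSupervisor:
    """Constructed model of the WWW Service decisions on the slides (not IIS code)."""

    def __init__(self, max_crashes, window_sec, ping_timeout_sec, debug_action=None):
        self.max_crashes = max_crashes        # x: crashes allowed ...
        self.window = window_sec              # ... within y seconds
        self.ping_timeout = ping_timeout_sec  # configurable time limit for the ping reply
        self.debug_action = debug_action      # optional custom action (e-mail, debugger, dump)
        self.crash_times = deque()            # timestamps of recent crashes (sliding window)
        self.disabled = False
        self.event_log = []                   # what the service would publish to the event log

    def on_ping(self, sent_at, reply_at):
        """Health monitoring: a worker that misses the time limit is killed and replaced,
        or left running (orphaned) for the configured debug action."""
        if self.disabled:
            return "503"
        if reply_at is not None and reply_at - sent_at <= self.ping_timeout:
            return "healthy"
        self.event_log.append(("worker unresponsive", sent_at))
        if self.debug_action is not None:
            self.debug_action(sent_at)        # WWW Service drops its handle; process stays alive
            return "orphaned"
        return "killed, new worker started"

    def on_crash(self, at):
        """Crash detection with Rapid Fail Protection: more than max_crashes crashes
        inside the window disable the pool, after which HTTP.sys answers 503."""
        if self.disabled:
            return "503"
        self.event_log.append(("worker crashed", at))
        self.crash_times.append(at)
        while at - self.crash_times[0] > self.window:   # drop crashes outside the window
            self.crash_times.popleft()
        if len(self.crash_times) > self.max_crashes:
            self.disabled = True
            self.event_log.append(("application pool disabled", at))
            return "503"
        return "new worker started on demand"

    def request(self):
        """What a client of this pool gets back."""
        return "503" if self.disabled else "served"


if __name__ == "__main__":
    pool = AppPoolSupervisor(max_crashes=5, window_sec=300, ping_timeout_sec=90)
    for t in (0, 60, 120, 180, 240):
        print(t, pool.on_crash(t))            # five crashes in five minutes: still restarted
    print(280, pool.on_crash(280))            # sixth crash in the window: pool disabled, 503
```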

Manageability Features
Configuration Metabase
XML Metabase Advantages
Change Configuration While Running
Metabase Save Options
Metabase Import/Export
Server Configuration Backup/Restore
Improved Patch Management
IIS WMI Provider
Command Line/Script Administration
Web-based Administration Console
Logging

Configuration Metabase: Before IIS 6.0
Hierarchical store of IIS configuration information
Enables:
Inheritance
Data typing
Change notification
Security
IIS 4.0/IIS 5.0 storage is a proprietary binary file, Metabase.bin
Not easy to read or edit

[Diagram: the Admin UI and Active Directory Service Interface (ADSI) clients go through the Admin Base Object to metabase.bin.]

Configuration Metabase: IIS 6.0 XML Metabase
Metabase now stored in XML
Plain text file
Change configuration while the server is running
Automatic backup with version control
Application configuration exportable and importable from file
Import/Export configuration
Server-independent backups

[Diagram: UI, WMI and ADSI clients go through the Admin Base Objects to Metabase.xml and MBSchema.xml.]

XML Metabase Advantages

Easier to:
Diagnose metabase corruption
Extend existing metabase schema through XML
Read/edit current metabase configuration directly
Completely compatible with existing APIs and ADSI
Existing binary metabases upgrade to XML cleanly

Better performance/scalability:
Faster read times than the IIS 5.0 binary metabase
Equivalent write performance to the IIS 5.0 binary metabase

Change Configuration While Running
Metabase can be modified while IIS 6.0 is running
To enable, select Enable Direct Metabase Edit
Does not require server restart
Can use any text editor: Notepad, .NET, Perl, etc.

Metabase Save Options

Frequency:
Save event scheduled 60 seconds after the last change
At the save event, if the number of writes since the first change exceeds 30, the save event is deferred 60 seconds
If deferring continues, the metabase save occurs 5 minutes from the first change

What happens:
Data saved to metabase.xml
WWW Service URL-to-application-pool tables updated
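The save-deferral rule above as a small constructed simulation (added example, not IIS code; the function and constant names are this example's own, and the reading that each write re-arms the 60-second timer is an assumption drawn from the slide):

```python
SAVE_DELAY = 60        # save event scheduled this long after the last change
DEFER_THRESHOLD = 30   # more writes than this since the first change defers the save
MAX_DEFER = 300        # deferral stops 5 minutes after the first change


def simulate_save(write_times):
    """Return (save_time, write_count) for one burst of metabase writes.

    write_times are seconds on any monotonic clock. The timer re-arms on every
    write, the save is pushed back by SAVE_DELAY while the write count is above
    DEFER_THRESHOLD, and never later than MAX_DEFER after the first change.
    Writes that arrive after the save has fired belong to a later burst.
    """
    writes = sorted(write_times)
    if not writes:
        raise ValueError("no writes, nothing to save")
    first = writes[0]
    hard_deadline = first + MAX_DEFER
    count = 0
    idx = 0
    scheduled = first + SAVE_DELAY
    while True:
        # absorb every write that lands before the save event fires; each re-arms the timer
        while idx < len(writes) and writes[idx] <= scheduled:
            count += 1
            scheduled = max(scheduled, writes[idx] + SAVE_DELAY)
            idx += 1
        if count > DEFER_THRESHOLD:
            if scheduled >= hard_deadline:
                return hard_deadline, count   # deferring stopped: 5 minutes from first change
            scheduled = min(scheduled + SAVE_DELAY, hard_deadline)   # defer another 60 s
            continue
        return scheduled, count


if __name__ == "__main__":
    print(simulate_save([0]))                 # one quiet edit: saved 60 s later
    print(simulate_save(list(range(40))))     # 40 writes in 40 s: deferred until t = 300
```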

Metabase Import/Export
Export/import metabase configuration to/from XML
Options include:
Export/Import inherited properties
Export/Import node only (or entire subtree)
Password-encrypt exported file

Server Independent Backup/Restore
New capabilities in IIS 6.0:
Backup with password
Automatic backups

UTF-8 Logging Support

IIS 6.0 now supports writing log files in UTF-8 instead of ASCII or the local codepage
Configurable at the WWW service level

Binary Logging
Allows for more than 10,000 sites to write to a single log file in a binary, non-formatted manner
Improved performance because data does not need to be formatted
Provides several scalability benefits:
Reduction in the number of log file buffers needed
Post-process the log file to extract the log entries
Allows for the use of custom tools to process binary log files
Format of the log entries and file is published

Logging of HTTP Substatus Codes

IIS returns substatus codes for specific types of problems
Request cannot be served because the required application has not been unlocked (for example, ASP by default on clean installations):
The client receives a 404 error
IIS actually generates a 404.2 error
Errors now logged to W3C and binary log files
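Why the substatus matters on the defender's side, as an added Python example that is not part of the original deck: it parses a constructed W3C extended log excerpt and separates 404.2 lock-down refusals from ordinary 404s. The column layout comes from the #Fields directive in the sample, the log lines are constructed, and the helper names are this example's own.

```python
# Constructed W3C extended log excerpt in the IIS 6.0 field layout (sample data, not a real log).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-01-01 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2004-01-01 00:00:01 10.0.0.5 GET /default.htm - 80 - 10.0.0.9 Mozilla/4.0 200 0 0
2004-01-01 00:00:02 10.0.0.5 GET /app/page.asp - 80 - 10.0.0.9 Mozilla/4.0 404 2 1260
2004-01-01 00:00:03 10.0.0.5 GET /missing.htm - 80 - 10.0.0.9 Mozilla/4.0 404 0 2
2004-01-01 00:00:04 10.0.0.5 GET /app/other.asp - 80 - 10.0.0.7 Mozilla/4.0 404 2 1260
"""


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the names in the #Fields directive."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the directive defines the column order
        elif line.startswith("#") or not line.strip():
            continue                           # other directives and blank lines
        elif fields is None:
            raise ValueError("data line before #Fields directive")
        else:
            values = line.split()
            if len(values) != len(fields):
                raise ValueError("column count mismatch: %r" % line)
            records.append(dict(zip(fields, values)))
    return records


def status_summary(records):
    """Count responses by status.substatus, the pair the client never sees."""
    counts = {}
    for r in records:
        key = "%s.%s" % (r["sc-status"], r["sc-substatus"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def lockdown_refusals(records):
    """Requests refused because the handler is still locked down (404.2): a plain 404
    in the client's view, told apart from a missing file only by sc-substatus."""
    return [(r["cs-uri-stem"], r["c-ip"]) for r in records
            if r["sc-status"] == "404" and r["sc-substatus"] == "2"]


if __name__ == "__main__":
    recs = parse_w3c(SAMPLE_LOG)
    print(status_summary(recs))
    for uri, client in lockdown_refusals(recs):
        print("locked-down handler requested:", uri, "from", client)
```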

Performance and Scalability Features
Kernel-mode Caching
Resource Accounting and Quality of Service (QoS)
Site Scalability
Idle Timeout and Demand Start
ASP.NET and IIS 6.0 Integration

Kernel-mode Caching
Cached responses served straight from HTTP.sys
Can double speed
No user-mode transition
Applications will not see requests if served from cache
Static and dynamic content
Smart caching

[Diagram: user mode holds the user application and ASP.NET/CLR inside W3WP.EXE (IIS 6.0); kernel mode holds HTTP.sys and its cache above the network stack. A request answered from the cache is returned without crossing into user mode.]

Web Gardens and Processor Affinity
Web Gardens:
Application pool with multiple worker processes
Connection-based routing within the garden

Processor Affinitization:
Bind processes to one or more CPUs
Mask-based configuration

[Diagram: HTTP.sys routes connections into an application pool configured as a Web Garden; the WWW Service manages its worker processes, each loading an ISAPI extension and ISAPI filter.]

Resource Accounting and Quality of Service (QoS)

Ensures that components or content do not monopolize server resources
Allows the administrator to control resources used by sites, application pools, the WWW service, and so on
Ensures the quality of service that other services/sites/applications on the system receive by limiting the resources consumed by particular Web sites/applications, and/or the WWW service itself

QoS features:
Connection limits
Connection timeouts
Application pool queue length limits
Bandwidth throttling
Process accounting
Memory-based recycling

Site Scalability
Targeting many thousands of sites per machine
Current suggested maximum is 20,000 sites
Re-architected startup/shutdown routines for lazy site initialization
Centralized, binary logging
Option to have one central log file per computer rather than tens of thousands when doing dense hosting

Other Platform Improvements
64-bit support
Code base compiled for 32-bit and 64-bit platforms

Internet Protocol version 6 (IPv6) Support
Production-ready IPv6 stack
If the IPv6 protocol stack is installed, IIS 6.0 will automatically handle HTTP requests that arrive over IPv6

Granular Compression
On a congested network, it is useful to compress responses
In IIS 5.0, compression was an ISAPI filter and could only be enabled for the whole server
IIS 6.0 allows file-level compression

Security Features
Locked down by default
Multiple levels of security
Unlocking Functionality
Application Isolation
Network Service Account
SSL v3 Improvements
Configurable Worker Process ID
Passport Authentication
Windows Server 2003 Authorization Framework
Constrained Delegated Authentication
FTP Security Features

Locked Down By Default

IIS is not installed by default on install or upgrade
Except on Windows Server 2003, Web Edition
When initially installed, only requests for static content are allowed by default
For example: HTML, text, .jpg, .bmp
No ASP, ASP.NET, CGI, or other dynamic content is allowed (unless ASP or ASP.NET has been installed)
Aggressive, secure default timeouts
Additional content types must be specifically enabled
Group Policy can be used to prevent IIS installs on workstations or inappropriate

Multiple Levels of Security

IIS only serves recognized file extensions
Unrecognized extensions are refused

File verification
Server verifies that content exists before giving the request to the request handler (ISAPI extension)

Buffer overflow protection
Worker process detects and exits the program if a buffer overflow is detected

Command-line tools inaccessible to Web users
Upload data limitations defined by

Multiple Levels of Security

Write-protected content
Anonymous users cannot modify content

Access Control List (ACL) settings on:
Command line files
Content
Logfiles
Custom error directory
Cache directories

No executable virtual directories
/SCRIPTS and /MSADC

Unlocking Functionality
In the default install, the administrator must manually enable:
ISAPI
CGI
ASP
ASP.NET
FPSE
WebDAV
Server Side Includes

Enable using command line, script, or GUI

Application Isolation
One IIS 6.0 server can securely host many
Web sites and applications
Application pools provide unit of isolation
Isolation is achieved through:
Configurable worker process identity
Bandwidth and CPU throttling
Memory-based recycling

Configurable Worker Process Identity
Each worker process can be run as:
Network Service
Local System
Local Service
Configured ID

IIS_WPG
New user group
IIS resource ACLs configured for this group

Network Service Account

New built-in account
Very few privileges:
Adjust memory quotas for a process
Generate security audits
Logon as a service
Replace process level token
Impersonate a client after authentication
Allow logon locally
Access this computer from the network

Provides additional security because worker processes have few rights

SSL Improvements
Performance
Faster and more scalable than IIS 5.0
Remotable Certification Object
In IIS 5.0, SSL certificates could not be managed remotely because the CSP is not remotable
CertObject allows remote certificate management
Selectable Crypto-Service Provider
Enables easy selection of third-party Crypto application programming interface (CAPI) providers
Hardware SSL accelerators

SSL Improvements
SSL StreamFilter is hosted in the LSASS.exe process (can give up to 25% throughput gains in SSL loads)
Aggressive SSL thread pool
Significant performance work on multiprocessor machines
Increases of up to 2X for some workloads on 8P computers

Microsoft Passport Authentication
Integrated with Windows Server 2003
Can assign permissions to resources with Passport accounts
Map Passport credentials to Microsoft Active Directory accounts

Windows Server 2003 Authorization Framework
IIS 5.0 authorization model is resource-ACL based
Object-oriented permissions
Web applications are operation/task-driven, not object-driven
Application had to provide operation/task access control

IIS 6.0 extends the Windows Server 2003 authorization framework
URL-specific authorization
Authorization Manager
Application-specific access

FTP Security Features

IIS 6.0 isolates users into their own directories
Locks a user's FTP session to a directory under the FTP root
Authenticates using local or domain account:
Using Active Directory account
Using local account
Anonymous access with user isolation

FTP Security Features

Isolation levels:
Compatibility/no isolation
Small business/stand-alone isolation
Enterprise isolation using Active Directory integration
