Web Services
Overview
Application Platform Features
Reliability Features
Manageability Features
Performance and Scalability Features
Security Features
Application Platform Features
Web Applications
The Application Server Role
Installing and Configuring the Application Server Role
Configuring and Managing Your Server
Adding and Removing Components
Web Applications
A Web Application is a collection of content accessed through hypertext protocols
Static content Web site
CGI scripts
ASP pages
ActiveX/COM components
ASP.NET pages
.NET Web Services
Components of multi-tier applications
Configure Your Server/Manage Your Server
Easy Web server setup
Configures only services required for application
Add/Remove Components
Allows for more granular component selection (and risk of incorrect component selection)
Reliability Features
Fault-tolerant Architecture
HTTP stack (HTTP.sys)
Application Pools
WWW Service
Worker Processes (W3WP.exe)
Fault-tolerant Architecture: Issues
Web sites and applications may contain flawed code
Web server needs to be active manager of applications:
Be fault tolerant (not crash on application failure)
Monitor the health of Web sites and applications
Actively recycle/restart processes
Continue to queue requests
Reliability without sacrificing performance
IIS 5.0
All requests run through single process (Inetinfo.exe)
Out-of-process applications (dllhost.exe) were slow
Application failures could crash server, other applications
Fault-tolerant Architecture: Solution
IIS 6.0 fault-tolerant process isolation architecture
Isolates applications from each other and Web server
Core components
HTTP.sys: Kernel mode component for HTTP listening, routing, queuing, and caching
Application pools: Groups sites and applications for easy management of process isolation
WWW Service: Configuration and server management, process health monitoring
Worker processes (W3WP.exe): Isolate Web site and application processing
[Diagram labels: WWW Service, two Application Pools, each with a W3WP.exe hosting a Web application, HTTP.sys, Request, Response]
Application Pools
Defines a set of Web applications managed together
Separated by process boundaries
Served by one or more worker processes
Requests routed directly to pool by HTTP.sys
Not affected by sites and applications in other pools
Application cannot be routed to another pool while being serviced by the current pool
Applications can be assigned to different pools while server is running
Application Pools: Configuration
Easy to create and manage
Can configure up to 20,000 application pools per server
WWW Service
Roles
Configures HTTP.sys
Manages worker processes
WWW Service: Configuration
At IIS 6.0 startup
Reads metabase and initializes HTTP.sys routing table
Creates one entry for each URL to app pool mapping
Determines routing from request to worker process
Worker Processes
Responsible for handling Web requests for a set of sites and applications
Each application pool is served by one or more worker processes
Each worker process is self-contained
Receives requests directly from HTTP.sys
Contains Web request processing functionality
Loads ISAPIs: filters and extensions (ASP, ASP.NET, Microsoft FrontPage Server Extensions)
Worker Processes: Configuration
Worker process can be started as:
Network Service (default)
Local System
Local Service
Configured ID
[Diagram labels: INETINFO, metabase, WWW Service, Config Mgr, Process Mgr, Application Pool 1, Application Pool 2, Web Garden, W3WP.exe worker processes, ISAPI Filters, ISAPI Extensions (ASP, etc.), ASP.NET ISAPI, CLR Application Domains, HTTP.sys]
Fault-tolerant Architecture: Benefits
Dramatically increased reliability
No server reboots
Self healing on application failure
Increased scalability
Simplified server administration
[Diagram labels: User mode, Kernel mode, WWW Service, W3WP.exe hosting a Web application, HTTP.sys. Actions shown: Kill process, Publish event, Start new process (default), or take a configured action => Orphaning]
Manageability Features
Configuration Metabase
XML Metabase Advantages
Change Configuration While Running
Metabase Save Options
Metabase Import/Export
Server Configuration Backup/Restore
Improved Patch Management
IIS WMI Provider
Command Line/Script Administration
Web-based Administration Console
Logging
Configuration Metabase: Before IIS 6.0
Hierarchical store of IIS configuration information
Enables
Inheritance
Data typing
Change notification
Security
Admin UI
Active Directory Service Interface (ADSI)
metabase.bin
Better performance/scalability
Faster read times than IIS 5.0 binary metabase
Equivalent write performance to IIS 5.0 binary metabase
What happens
Data saved to metabase.xml
WWW Service URL to application pool tables updated
Metabase Import/Export
Export/import metabase config to/from XML
Options include
Export/Import inherited properties
Export/Import node only (or entire subtree)
Password encrypt exported file
Server Independent Backup/Restore
New capabilities in IIS 6.0
Backup with password
Automatic backups
Binary Logging
Allows for more than 10,000 sites to write to a single log file in a binary, non-formatted manner
Improved performance because data does not need to be formatted
Kernel-mode Caching
Cached responses served straight from HTTP.sys
Can double speed
No user-mode transition
Applications will not see requests if served from cache
Static and dynamic content
Smart caching
[Diagram labels: User Application, ASP.NET/CLR, W3WP.EXE (IIS 6.0), User mode, Kernel mode, HTTP.sys, Network Stack, Cache, Request, Response]
Processor Affinitization
Bind processes to one or more CPUs
Mask-based configuration
[Diagram labels: Web Garden, Application Pool, Worker Process, WWW Service, ISAPI Extension, ISAPI Filter, HTTP.sys]
QoS features:
Connection limits
Connection timeouts
Application pool queue length limits
Bandwidth throttling
Process accounting
Memory-based recycling
Site Scalability
Targeting many thousands of sites per machine
Current suggested maximum is 20000 sites
Other Platform Improvements
64-bit support
Code base compiled for 32-bit and 64-bit platforms
Granular Compression
On congested network, useful to compress responses
In IIS 5.0, compression was an ISAPI filter and could only be enabled for the whole server
IIS 6.0 allows file level compression
Security Features
Locked down by default
Multiple levels of security
Unlocking Functionality
Application Isolation
Network Service Account
SSL v3 Improvements
Configurable Worker Process ID
Passport Authentication
Windows Server 2003 Authorization Framework
Constrained Delegated Authentication
FTP Security Features
File verification
Server verifies that content exists before giving request to request handler (ISAPI extension)
Unlocking Functionality
In default install, administrator must manually enable:
ISAPI
CGI
ASP
ASP.NET
FPSE
WebDAV
Server Side Includes
Application Isolation
One IIS 6.0 server can securely host many Web sites and applications
Application pools provide unit of isolation
Isolation is achieved through:
Configurable worker process identity
Bandwidth and CPU throttling
Memory-based recycling
Configurable Worker Process Identity
Each worker process can be run as
Network Service
Local System
Local Service
Configured ID
IIS_WPG
New user group
IIS resource ACLs configured for this group
Provides additional security because worker processes have few rights
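An added example (not part of the original slides): a Python check that reads an exported metabase.xml and reports the identity each application pool's worker processes run as, flagging pools that run as Local System. The XML is a constructed sample; the attribute layout (AppPoolIdentityType and WAMUserName on IIsApplicationPool nodes, with defaults inherited from the AppPools node) is an assumption about how the export looks.

```python
import xml.etree.ElementTree as ET

# AppPoolIdentityType values; the names match the four options listed above.
IDENTITY = {0: "LocalSystem", 1: "LocalService", 2: "NetworkService", 3: "SpecificUser"}

# Constructed sample in the style of a metabase.xml export (not from a real server).
SAMPLE = """<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
 <MBProperty>
  <IIsApplicationPools Location="/LM/W3SVC/AppPools" AppPoolIdentityType="2"/>
  <IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool"/>
  <IIsApplicationPool Location="/LM/W3SVC/AppPools/LegacyPool" AppPoolIdentityType="0"/>
  <IIsApplicationPool Location="/LM/W3SVC/AppPools/PayrollPool" AppPoolIdentityType="3"
      WAMUserName="svc_payroll"/>
  <IIsApplicationPool Location="/LM/W3SVC/AppPools/BrokenPool" AppPoolIdentityType="3"/>
 </MBProperty>
</configuration>"""

def local(tag):
    """Strip the XML namespace so element names can be compared directly."""
    return tag.rsplit("}", 1)[-1]

def audit_pools(xml_text):
    """Return {pool name: (identity, finding or None)} for every application pool."""
    root = ET.fromstring(xml_text)
    inherited = 2  # Network Service is the default identity
    for el in root.iter():
        if local(el.tag) == "IIsApplicationPools" and "AppPoolIdentityType" in el.attrib:
            inherited = int(el.attrib["AppPoolIdentityType"])  # metabase inheritance
    report = {}
    for el in root.iter():
        if local(el.tag) != "IIsApplicationPool":
            continue
        name = el.attrib["Location"].rsplit("/", 1)[-1]
        kind = int(el.attrib.get("AppPoolIdentityType", inherited))
        user = el.attrib.get("WAMUserName", "")
        finding = None
        if kind not in IDENTITY:
            finding = "unknown identity type"
        elif kind == 0:
            finding = "runs as Local System: not a low-rights worker process"
        elif kind == 3 and not user:
            finding = "configured identity without a user name"
        ident = user if kind == 3 and user else IDENTITY.get(kind, str(kind))
        report[name] = (ident, finding)
    return report

if __name__ == "__main__":
    for pool, (ident, finding) in audit_pools(SAMPLE).items():
        print(f"{pool:15} {ident:15} {finding or 'ok'}")
```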
SSL Improvements
Performance
Faster and more scalable than IIS 5.0
Remotable Certification Object
In IIS 5.0, could not remotely manage SSL certificates because CSP is not remotable
CertObject allows remote certificate management
Selectable Crypto-Service Provider
Enables easy selection of third-party Crypto application programming interface (CAPI) providers
Hardware SSL accelerators
SSL Improvements
SSL StreamFilter is hosted in LSASS.exe process (can give up to 25% throughput gains in SSL loads)
Aggressive SSL thread pool
Significant performance work on multiprocessor machines
Increases up to 2X for some workloads on 8P computers
Microsoft Passport Authentication
Integrated with Windows Server 2003
Can assign permissions to resources with Passport accounts
Map Passport credentials to Microsoft Active Directory accounts