dep320 deploying iis 6.0 tips and tricks vikas malhotra program manager internet information...
Post on 25-Dec-2015
IIS 6.0 Enhancements
Security
Secure by default
Secure by design
Secure in deployment
Reliability
Fault tolerant architecture
Health monitoring
Intelligent queuing
Scalability
Scale-up/scale-out
Kernel-mode caching
Integrated application platform
System Management
XML-based configuration
Command line administration
Remote administration
Planning for deployment
Prepare
IIS Deployment Guide: http://www.microsoft.com/windowsserver2003/technologies/webapp/
IIS Resource Kit
Inventory apps (ASP, ASP.NET, ISAPI, CGI)
Determine dependencies
Flag apps requiring special attention
Plan install process
Clean install: WP isolation mode
Upgrade: IIS 5 isolation mode
Benchmark
Before and after
Upgrade Recommendations
After upgrading, document everything you did to get things working
E.g., enabling ISAPIs
Setting ACLs
Put box in production and monitor for 500 errors
Compare with known good box that’s not been upgraded
Helps identify anything to tweak on other boxes
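The comparison described above, as an added example that is not part of the original deck: it parses W3C extended log lines using the #Fields header and reports URLs whose 5xx rate on the upgraded box is more than twice the rate on the known good box. The log lines, the field selection and the factor of 2 are constructed for illustration.

```python
from collections import Counter

def parse_w3c(lines):
    """Yield one dict per request from W3C extended log lines, honouring #Fields."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # header may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):            # skip truncated rows
                yield dict(zip(fields, values))

def server_errors(lines):
    """Return (Counter of 5xx keyed by (uri, 'status.substatus'), total requests)."""
    errors, total = Counter(), 0
    for row in parse_w3c(lines):
        total += 1
        status = row.get("sc-status", "")
        if status.startswith("5"):
            code = status + "." + row.get("sc-substatus", "0")
            # IIS URLs are case-insensitive, so fold case before counting
            errors[(row.get("cs-uri-stem", "-").lower(), code)] += 1
    return errors, total

def regressions(upgraded, baseline, factor=2.0):
    """5xx entries whose rate on the upgraded box exceeds factor x the baseline rate."""
    up_err, up_total = server_errors(upgraded)
    base_err, base_total = server_errors(baseline)
    found = []
    for key, count in up_err.items():
        base_count = base_err.get(key, 0)
        base_rate = base_count / base_total if base_total else 0.0
        if count / up_total > factor * base_rate:
            found.append((key[0], key[1], count, base_count))
    return sorted(found, key=lambda r: -r[2])

# Constructed sample logs (not real traffic)
HEADER = "#Fields: date time cs-method cs-uri-stem sc-status sc-substatus"
COMMON = ["#Software: constructed sample", HEADER,
          "2003-06-01 10:00:00 GET /default.htm 200 0",
          "2003-06-01 10:00:02 GET /legacy/mail.asp 500 0",
          "2003-06-01 10:00:03 GET /images/logo.gif 200 0"]
UPGRADED = COMMON + ["2003-06-01 10:00:04 GET /app/report.asp 500 0",
                     "2003-06-01 10:00:05 GET /App/Report.asp 500 0"]
BASELINE = COMMON + ["2003-06-01 10:00:04 GET /app/report.asp 200 0",
                     "2003-06-01 10:00:05 GET /App/Report.asp 200 0"]

if __name__ == "__main__":
    for uri, code, up, base in regressions(UPGRADED, BASELINE):
        print(f"{uri} {code}: {up} on upgraded box, {base} on known good box")
```

Pages that fail on both boxes, such as /legacy/mail.asp in the sample, are left out, so the output lists only what the upgrade changed.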
IIS Tools
Shipping in IIS 6 ResKit
Delegated administration
Log parser: Search for data and patterns in IIS log files
Export data to SQL database
MBExplorer: RegEdit and MetaEdit-like tool for easy metabase access
Host helper service: Registers sites automatically with WINS and DNS
WCAT: Runs simulated workloads on client-server configurations
IIS 4/5 to IIS 6 migration
Apache to IIS migration
Out of band releases
URLscan
‘First-time’ user tips
Web service extensions
ISAPIs are disabled by default
IIS UI shows Web Service Extensions first time
Mime maps
404 returned if file doesn’t have mime map entry
Can override behavior globally or at vdir level
Add “*,text/xml” mime map
Careful! Overrides secure setting
ASP and ASP.NET tips
ASP.NET v1.1
May need to point existing Windows Server 2003 Framework applications to v1.0 bits
ASP.NET v1.0 only supports IIS 5 compatibility mode
ASP
Parent paths disabled by default
E.g., paths using ..\
Can override by setting AspEnableParentPaths
Security tips
Installing IIS on FAT
Some OEMs build machines first on FAT volumes, then convert to NTFS
Inherently insecure – no way to apply necessary ACLs if IIS is already installed
IIS displays warning message but user can continue
FPSE blocks installation on FAT
IE hardening may break some functionality
Functionality removed from local intranet zone (e.g., local UNC paths)
Remote administration tips
Supported scenarios
IIS 6 to IIS 6
IIS 6 to IIS 5.1, IIS 5 and IIS 4
Unsupported scenarios
IIS 4, IIS 5, IIS 5.1 to IIS 6
Can’t use Windows XP Pro to administer Windows Server 2003
Plans
Shipping IIS UI snap-in upgrade to XP SP2
FPSE tips
Fixed in Windows Server 2003
UNC webs
FPSE 2002 supports webs on remote file shares
Previous versions blocked configuring web on UNC path
Multiple front-end servers untested
Performance with IIS 6
App pool support
Extensions run in separate app pool but apps can be in their own app pool
FPSE tips
Improving multi-site security
Problem: FPSE permitted browsing other webs via NETWORK/INTERACTIVE ACE on virtual server root
Content viewable by FTP or FSO
Fix: Use group accounts to separate access
Enabled by regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\All Ports\anonusergroupprefix
Associate group account with specific virtual server: HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\Ports\Port <instance number>\anonusergroup
FPSE tips
What to watch out for
Two versions of FPSE 2002
Download lacks functionality needed by IIS 6
Latest version installable by Configure Your Server
Dropped support for lightweight extensions
Upgrade from Windows 2000
Multiple vservers aren’t upgraded automatically
FPSE 2000 not supported
Removed WAIS search engine
Index Server is recommended replacement
Only local content searching supported
Improved indexing functionality in SP1
App Pool Tips
Configure app pools for each unique application or web site
Large apps with many pages
Different parts of app have different impacts on perf and resource use
Optimize by splitting app into multiple vdirs
Assign each vdir to its own app pool
AppPoolQueueLength
Sets size of HTTP request queue
4000 is default
Need more with more req/sec & slower bandwidth
Requests remain in NPP until final ACK received from client
Things to avoid
ISAPI filters using SF_NOTIFY_READ_RAW_DATA
Can’t run in worker process isolation mode
Use HSE_REQ_EXEC_URL instead to:
Rewrite URL
Modify request entity body
Call another ISAPI Extension
Problematic ISAPIs in IIS 6
Global filters
Singleton ISAPIs don’t scale well across multiple worker processes
ISAPIs that don’t play well with others
IISReset & reboots
Tools that kill/start IIS processes directly
Extensive metabase schema modifications
ADSI scripts
Supported for compatibility
Start using WMI
Things to work around
CDONTS doesn’t ship on Windows Server 2003
Replace references to use CDOSYS
Superset of CDONTS
Troubleshooting & tracing
Try orphaning bad worker process & set orphan action to launch AD+ or debugger
Use app pools to isolate bad apps
Case Study: Microsoft.com
In production with IIS 6.0 since RC1
100k current connections during the day
Over 470 million hits per day for www
Highest availability among peers in industry
No security failures
Top Domains (Source: KeyNote)
Daily | 30 Day History | 90 Day History | 2002 Year-To-Date
Rank Site Avail. % | Rank Site Avail. % | Rank Site Avail. % | Rank Site Avail. %
#1 MSFT 99.93 | #1 MSFT 99.87 | #1 MSFT 99.85 | #1 MSFT 99.79
2 Sun 99.80 | 2 Sun 99.85 | 2 Sun 99.75 | 2 MSN 99.59
2 Yahoo 99.80 | 3 Oracle 99.75 | 3 Oracle 99.76 | 3 Yahoo 99.53
3 Oracle 99.73 | 4 Yahoo 99.67 | 4 Yahoo 99.48 | 4 Sun 99.25
4 MSN 99.60 | 5 AOL 99.44 | 5 AOL 99.45 | 5 AOL 99.05
5 AOL 99.14 | 6 MSN 99.30 | 6 MSN 99.35 | 6 Oracle 94.75
Case Study: Qwest
Strategic decision to switch to XML Web services platform
Detailed case study available on http://ww.microsoft.com
Significant performance improvements for ASP.NET
At same CPU usage, approx 450 req/sec on IIS 5, 750 req/sec on IIS 6.0
Application pools used for process isolation
25 LOB apps per server
Reduced problems with debugging and rogue apps
Switching some apps from J2EE to ASP.NET
75% reduction in project cycle time
Case Study: Schlund (1 & 1)
Summer 2002 – Launched IIS 6 shared hosting
October 2002 – Launched service in UK
Benefits of IIS 6
Scalability/site density – 3000 IIS 6.0 sites per box
App pools – isolation from failures
Stability/reliability – iisreset not needed
Quote: “Microsoft FTP is rock solid!”
Next Steps
Plan your IIS 6 deployment or upgrade
‘Must-have’ upgrade for NT4/IIS 4 systems
Read whitepapers for unique scenarios
Upgrades and Migrations
Application Isolation and Consolidation
NAS/UNC-based content and multi-server farms
Find help from others in the IIS community
Ask The Experts
Get Your Questions Answered
I will be in the ATE after this session and throughout the week
Other Program Managers are here and will also be working in the ATE to help you out
Community Resources
IIS Community Portal: http://www.microsoft.com/windowsserver2003/community/centers/iis/
IIS Portal: http://www.microsoft.com/iis
IIS Newsgroups
Microsoft.public.inetserver.iis
Microsoft.public.inetserver.iis.ftp
Microsoft.public.inetserver.iis.security
Newsgroups: Converse online with Microsoft Newsgroups, including Worldwide
http://www.microsoft.com/communities/newsgroups/default.mspx
Community Resources: http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP): http://www.mvp.support.microsoft.com/
User Groups: Meet and learn with your peers
http://www.microsoft.com/communities/usergroups/default.mspx
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Questions?
Product Feedback?
vmalhot@microsoft.com