IIS 6 and You!
Presented by Harold Chattaway, Software Engineer
www.softwarelifecycle.com
The slides are at www.softwarelifecycle.com/downloads/iis6.ppt
Background
• Author of “WebRad: Building database applications for the web with Visual FoxPro.”
• 3 time speaker for MS at DevDays in Boston
• Speaker at Client/Server World in Boston
• 2 time speaker at Great Lakes Database Conference
• Frequent UG speaker (VB, VFP, .NET).
• Developer/architect of www.Bugcentral.com, a fully hosted defect tracking service.
• Developer/architect of www.softwarelifecycle.com, an integrated suite of software development tools.
Outline
• What’s new in IIS 6?
• How to install?
  • New Install
  • Upgrade (walkthrough of actual upgrade)
• Administration Methods
• Creating/Configuration of web sites
• Securing IIS
Various Flavors
• Win 2003 Standard Edition: Includes IIS6, supports 4 way SMP and 4 GB of memory.
• Enterprise Edition: 8 way SMP and up to 32 Gigs of memory.
• DataCenter Edition: Only from OEM for high end critical systems with advanced clustering support.
• Web Edition: Meant just for web servers. Intended for rack mountable “blade” servers. Lacks Internet Connection Sharing, Services for Mac. Is not a domain controller, no clustering. Supports 2 way SMP and 2 GB of memory. Very lightweight.
New Features
• HTTP “listener” is now part of the OS kernel. It hands off requests to separate worker processes, which greatly increases performance and reliability.
• “Application Pools” that can house a single web site or multiple web sites, with individually configurable properties.
• Large memory support for caching up to 64 Gigs of data.
• Not installed with Windows 2003. Must be installed separately.
• When installed, completely locked down. Every scriptmap needs to be added.
• New metabase in XML format. Can be edited while IIS is running.
HTTP.SYS
• Kernel mode process that listens for and routes HTTP requests to the proper applications.
• Is now part of the TCP/IP stack in Windows.
• Handles returning cached versions of pages. No need to go to application level and switch from kernel mode to user mode.
• Can still queue requests even if the application handling requests has crashed.
• Handles TCP connections, logging services, bandwidth throttling, connection limits, and timeouts.
• This works with Web Administration Service (WAS) to manage requests…
Web Administration Service
• At startup, retrieves websites from the metabase and creates the routing table for HTTP.SYS. Creates one entry for each application pool.
• Handles the health of the application pools by starting, stopping and recycling processes.
• It can “ping” the site and, if it is not responding, terminate the process and start a new one to take its place.
Application Pools
• Each pool is given its own request queue from the HTTP.SYS listener.
• Contains one or more worker processes (w3wp.exe).
• If an application needs to be completely isolated from others, give it its own pool.
• “Demand Start” will only start an application when the first request is received, saving memory and resources.
• “Idle Timeout” shuts down a process when idle for X number of minutes, again saving resources.
• “Recycling” can be used to periodically restart a pool. Can use elapsed time, time of day or # of hits.
Upgrading
• Upgraded Windows 2k Server to Win 2k3 Enterprise Server. Took 43 minutes, very painless.
• Ran Windows Update, 6 critical updates.
• Take IIS 6 out of IIS Isolation Mode. (Website property sheet, Service Tab)
• Removed URLSCAN. Really not needed with IIS 6.
• Use Web Extension Service (WSE) to allow only ASP.NET app extensions. From IIS 5, it allows all. All extensions have to be explicitly allowed.
Configuring
IIS is NOT installed as part of the main OS install.
Making the server an “Application Server”, installs IIS 6.
Administering
• MMC can be used over LAN or WAN to administer machine.
• Server 2003 Admin Tools Pack. Can’t be used on Win 2k but can be used on XP Pro with Service Pack 1. Can also be installed on a Win 2003 member server.
• Remote Desktop Connection. Requires Terminal Services be installed on target machine.
• Remote Desktop Web Connection: Can use IE 5 or above to connect to server. When installed on server, “tsweb” virtual directory is created. Point browser to this and an ActiveX control is downloaded to allow access.
• Or, you can turn on remote administration of the machine after IIS has been installed.
• Installed by default with Web Edition, but not others!
• Follow the links to the right to turn on…
  • Start|Control Panel|Add remove Programs
  • Windows Components|Application Server|Details
  • IIS|Details
  • World Wide Web Service|Details
  • Remote Administration(HTML)|Check off
Administering
• For LAN, MMC is a good choice.
• For remote machines, Remote Desktop is really the best choice. Gives console level access. Client is installed on local machine.
• HTML Remote Administration is limited. Can’t do everything.
• Remote Desktop Web Connection is OK, but might need to download ActiveX control over connection first.
Creating a Website
WUGTEST will be routed to IP Address 172.16.0.5
Two ways of accessing on local machine…
1. http://localhost/WUGDEMO
2. http://WUGDEMO, let’s try this one!
Edit the HOSTS file to include a reference to this URL. Located at: C:\WINDOWS\system32\drivers\etc\hosts
Creating a Website
1. Create a new application pool in IIS Manager (WUGDEMO)
2. Create a new directory under inetpub\wwwroot\WUGDEMO
3. From IIS Manager, create new website.
4. Point it at IP in HOSTS file
5. Assign to the Application pool created above
6. Create default.aspx in directory
7. In browser, navigate to http://WUGDEMO
Security
By assigning web sites to pools, each pool can be secured separately. One will not spill into another.
Three built-in identities:
• Network Service: Very few privileges.
• Local Service: Same as above, but can only access local resources.
• Local System: Bad! Has too many privileges.
Custom User: Here you can specify a custom user account. It must be part of the IIS_WPG Group to be able to control the pool! Best when connecting to a separate SQL Server box. Both accounts need to be on both machines.
• No passwords are stored anywhere in clear text.
• Check out your IIS logs!
• Unregistered MIME types are given a 404 error now. In IIS 5, they were downloaded.
Command-Line Options
VBS files are located in \windows\system32:
• Iisapp.vbs: Lists web applications.
• Iisback.vbs: Backups/restores/lists/deletes IIS configs.
• Iiscnfg.vbs: Exports/imports config files.
• Iisext.vbs: Manages web extensions.
• Iisftp.vbs: Manages FTP sites.
• Iisftpdr.vbs: Manages FTP virtual directories.
• Iisvdir.vbs: Manages web site virtual directories.
• Iisweb.vbs: Creates/deletes/starts/stops websites.
Create website
[Screenshot with callouts: location, Name, IP Address]
Metabase
• Instead of a binary file, it’s now a plain text XML file.
• Automatic versioning of files. History files are kept in \windows\system32\inetsrv\history
• XML file is read into memory upon startup. Changes are first made to the in-memory version, then flushed to disk.
• Metabase can be backed up and moved to another machine.
• Iiscnfg /copy can be used to copy an entire metabase to another machine. This removes machine specific info from the metabase. Great for replicating servers in a server farm environment.
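An added example (not from the original slides) tying the Security and Metabase slides together: because the metabase is plain XML, a copy of it can be audited offline for pools that run as Local System or under a custom account. The XML sample is constructed; the numeric AppPoolIdentityType codes and the WAMUserName attribute are the IIS 6 metabase properties, and falling back to Network Service when nothing is set is an assumption.

```python
import xml.etree.ElementTree as ET

# AppPoolIdentityType values in the IIS 6 metabase.
IDENTITY = {0: "LocalSystem", 1: "LocalService", 2: "NetworkService", 3: "CustomUser"}

# Constructed sample, trimmed to the attributes this check reads.
SAMPLE_METABASE = """<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsApplicationPools Location="/LM/W3SVC/AppPools" AppPoolIdentityType="2"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/WUGDEMO"
    AppPoolIdentityType="3" WAMUserName="WEB01\\svc_wugdemo"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/LegacyPool" AppPoolIdentityType="0"/>
</MBProperty>
</configuration>"""

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on tag names.
    return tag.rsplit("}", 1)[-1]

def pool_identities(xml_text):
    """Map pool name -> (identity, account), applying the parent node's default."""
    nodes = list(ET.fromstring(xml_text).iter())
    default = 2  # assumption: NetworkService when the parent node sets nothing
    for e in nodes:
        if _local(e.tag) == "IIsApplicationPools":
            default = int(e.get("AppPoolIdentityType", default))
    pools = {}
    for e in nodes:
        if _local(e.tag) == "IIsApplicationPool":
            kind = int(e.get("AppPoolIdentityType", default))
            name = e.get("Location").rsplit("/", 1)[-1]
            pools[name] = (IDENTITY.get(kind, "Unknown"), e.get("WAMUserName"))
    return pools

def findings(xml_text):
    """Return review items: LocalSystem pools and custom accounts to verify."""
    out = []
    for name, (identity, account) in sorted(pool_identities(xml_text).items()):
        if identity == "LocalSystem":
            out.append((name, "runs as LocalSystem; move to Network Service"))
        elif identity == "CustomUser":
            out.append((name, "custom account %s; confirm IIS_WPG membership" % account))
    return out

if __name__ == "__main__":
    for pool, note in findings(SAMPLE_METABASE):
        print(pool, "->", note)
```

Run it against a backup copy of the metabase rather than the live file, and treat each custom account it lists as a prompt to check group membership on the server.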
Resources
• www.iisfaq.com
• http://www.microsoft.com/downloads/details.aspx?FamilyID=80a1b6e6-829e-49b7-8c02-3 : Link to IIS Resource kit book. Each chapter is a DOC file. Great resource.
• http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ad : Resource kit.
• www.iisanswers.com
• www.port80software.com
Books
• IIS 6 Administration by Mitch Tulloch, ISBN: 0-07-219485-5
The End
508-281-5404
Slides will be at www.softwarelifecycle.com/downloads/iis6.ppt