virtual techdays india │ 18-20 august 2010 iis 7/7.5 tips & tricks jaskirat singh │...
Post on 24-Dec-2015
223 Views
Preview:
TRANSCRIPT
virtual techdaysINDIA │ 18-20 august 2010
IIS 7/7.5 Tips & Tricks
Jaskirat Singh │ Technical Lead [IIS|Asp.Net team], Microsoft
IIS 7 /7.5 Architect changes IIS 6 Architect flashback IIS 7 features/modular approach
Tip & Tricks Enabling SSL on IIS 7.0 Using Self-Signed Certificates
Kernel Mode SSL And Authentication FTP over SSL
New Management API/ APPCMD tool Demo
Running 32 bit and 64 bit worker process side by side on same server
virtual techdaysINDIA │ 18-20 august 2010
S E S S I O N A G E N D A
App pool identity feature
Server Core – No User interface
IIS Remote management /Feature delegation Allow Non-Admins to manage IIS remotely
App warm Module for cold start Can be used to avoid initial start up time
Troubleshooting using FREB
virtual techdaysINDIA │ 18-20 august 2010
IIS 7/7.5 Tip & Tricks continue…
IIS 6.0 Features
Worker process isolation mode
Health monitoring
Worker process recycling
Rapid-fail protection
XML based Metabase
Manage using WMI and ADSI
Tight security by default lock down
Enhanced logging mechanism
HTTP.sys logging
Performance and Scalability
Web gardens, Processor affinity, Ideal timeout, CPU Monitoring
Troubleshooting using ETW
virtual techdaysINDIA │ 18-20 august 2010
IIS 6 Quick Flash Back
IIS 7.0/7.5 ArchitectureIIS 7 -> win 2k8/VistaIIS 7.5 -> win 2k8 R2/Win 7
virtual techdaysINDIA │ 18-20 august 2010
IIS 7.0 leverages the reliability and security-focused architecture of IIS 6.0
Modular Web server
40 different components
Individual installation of each component
Role specific Web server deployment
Extensible architecture
ASP.NET integration
Form Authentication and URL authorization for static files (.htm, .css etc) and .asp
pages
Eliminates duplication of features
Common IIS and ASP.NET configuration file
Enhancement in hosting FastCGI application such as PHP
Distributed configuration system
Enhanced diagnostics and troubleshooting using Failed Request Tracing[FREB]
virtual techdaysINDIA │ 18-20 august 2010
IIS 7 Using Self Signed certificate feature
With IIS 6 , it was difficult to generate certificate even for testing purpose. Earlier We’ve submit to cert request to Local CA for self signed certificate.
But IIS 7.0 makes it radically easier to configure and enable SSL. IIS 7.0 also now has built-in support for creating "Self Signed Certificates" that enable you to easily create test/personal certificates that you can use to quickly SSL enable a site for development or test purposes.
virtual techdaysINDIA │ 18-20 august 2010
Kernel Mode SSL
Kernel Mode SSL[IIS7 kernel mode SSL is going to be the default setting and the only setting]
This give Tremendous performance gain in terms of context switching
virtual techdaysINDIA │ 18-20 august 2010
Kernel Mode Windows Authentication
On IIS 7 Windows Authentication is by default configured to run in kernel mode
When set it takes care of SPN setting for kerberos . But exceptions are there to the rule.
virtual techdaysINDIA │ 18-20 august 2010
virtual techdaysINDIA │ 18-20 august 2010
DEMO: Kernel Mode Auth / Creating Self signed certificatesJaskirat Singh │ Technical Lead, Microsoft
Management Api And APPCMD tool
IIS management (API) allows complete manipulation of the XML configuration files and convenience access to server objects The management classes reside in the Microsoft.Web.Administration namespace
Example : Create New Websiteusing System;using System.Collections.Generic;using System.Text;using Microsoft.Web.Administration;namespace MSWebAdmin_Application{ class Program { static void Main(string[] args) { ServerManager serverManager = new ServerManager(); Site mySite = serverManager.Sites.Add("Racing Cars Site", d:\\inetpub\\wwwroot\racing", 8080); mySite.ServerAutoStart = true; serverManager.CommitChanges(); }
virtual techdaysINDIA │ 18-20 august 2010
Management Api And APPCMD tool
AppCmd.exe is the single command line tool for managing IIS 7
Some of the things you can do with AppCmd: Create and configure sites, apps, application pools, and virtual directories Start and stop sites, and recycle application pools List running worker processes, and examine currently executing requests Search, manipulate, export, and import IIS and ASP.NET configuration
virtual techdaysINDIA │ 18-20 august 2010
virtual techdaysINDIA │ 18-20 august 2010
DEMO: Management API and APPCMD
Jaskirat Singh │ Technical Lead, Microsoft
Running 32 bit and 64 bit worker process side by side on same server
On Windows X64 bit you can run either worker process [w3wp.exe] either in 32 bit OR 64 bit but not the both on the same timeGood New on IIS 7.x , We can run 32 bit and 64 bit worker process on same time.
You can change the config manually or through UI or using appcmd
Using Appcmd:appcmd set apppool /apppool.name:MyAppPool32bit /enable32BitAppOnWin64:trueappcmd set apppool /apppool.name:MyAppPool64bit /enable32BitAppOnWin64:false
virtual techdaysINDIA │ 18-20 august 2010
IIS 7 Application Pool Identities
Worker processes in IIS 6.0 run as NETWORKSERVICE by default.[It was low privilege account]
Why ApplicationPoolIdenity in IIS7 ?
As more and more Windows system services started to run as NETWORKSERVICE. This is because services running as NETWORKSERVICE can tamper with other services that run under the same identity. Because IIS worker processes run third-party code by default (Classic ASP, ASP.NET, PHP code), it was time to isolate IIS worker processes from other Windows system services and run IIS worker processes under unique identities.
For every Application Pool you create, the IIS Admin Process (WAS) will create a virtual account with the name of the new Application Pool and run the Application Pool's worker processes under this account. Represented as "IIS AppPool\DefaultAppPool"
However, the identity is not a real user account; it will not show up as a user in the Windows User Management Console
virtual techdaysINDIA │ 18-20 august 2010
Server Core
Minimal Installation option for windows 2008 Available for X86 and X64 No User interface. Only CMD
Core sub system: Security Logon,networking(TCP/IP),file system etc Basic set of management tools: Configure ip address, create users,notepad ,taskmgr
Less patches 60% less than win 2000
More Secure, Reliable and Less Management
virtual techdaysINDIA │ 18-20 august 2010
IIS 7/7.5 Remote management And Feature delegation
Prerequisites for Remote management IIS 7.0 on Windows Server® 2008 or IIS 7.5 on Windows Server 2008 R2
The default IIS 7 installation options do not include the Management Service (also referred to as the Web Management Service (WMSVC)), which is required for remote administration
Only Windows Administrator can connect remotely to “Server” Level and not the IIS User
You can connect to IIS 7/7.5 remotely from Win XP SP-2 / Windows 2003 Sp-1 and Windows 7 after installing IIS Remote Manager
For enabling Write permission for any feature you’ve to configure permission and file ACLs For IIS Manager User (NT Service\WMSVC by default). For each Windows user or group
virtual techdaysINDIA │ 18-20 august 2010
virtual techdaysINDIA │ 18-20 august 2010
DEMO: IIS 7 Remote management And Feature DelegationJaskirat Singh │ Technical Lead, Microsoft
App Warm Up Module
Improving site performance Individual pages run faster Hide start-up cost for a cold application
Application Warm-Up Module in IIS 7.5 allows applications to automatically start without a request<applicationPools>
<add name="MyApplicationPool" startMode="AlwaysRunning" /> </applicationPools>
This helps us reduce the initial warm-up time for applications on the first request.
virtual techdaysINDIA │ 18-20 august 2010
virtual techdaysINDIA │ 18-20 august 2010
DEMO: App warm Up Module
Jaskirat Singh │ Technical Lead, Microsoft
Troubleshooting using FREB
It helps to figure out what exactly is happening with your request.At what point it failed.
It can be used to measure performance of the request
It can help in figuring out Module loading and executing order
virtual techdaysINDIA │ 18-20 august 2010
virtual techdaysINDIA │ 18-20 august 2010
DEMO: Enabling FREB Tracing
Jaskirat Singh │ Technical Lead, Microsoft
virtual techdaysTHANKS│18-20 august 2010
Jaskirat.singh@microsoft.com │ http://blogs.msdn.com/jaskis
top related