Lap Around IIS7

Bill Staples
Product Unit Manager, IIS
COM014 – A Lap Around IIS7
Microsoft Corporation

xxx Roller Coaster Ride

internet information services seven

supportable
integrated
extensible
componentized
compatible
secure
delegated

IIS – a colorful past

1996 – V1 & 2 ships for Windows NT 3.5 & 4.0
1997 – V4 part of NT 4 Option Pack
2000 – V5 installed by default in Windows 2000
2001
  March 2001, #1 in Internet Site Share
  Fall 2001, Code Red and Nimda
2003 – V6 released in Windows Server 2003

IIS 6 Today

Secure by Design
  Extensive design & code reviews
  Penetration testing
  Defense in depth
Secure by Default
  IIS no longer installed by default with OS
  IIS installs with “locked down” configuration
  Runs with minimal permissions, secure configuration
Process architecture designed for app failure
  Health detection
  Automatic recycling of applications
Zero critical security patches since release

IIS 7 Overview

Configuration & Admin Tool
Core Server
Diagnostics
Compatibility
Security
Demos

The Metabase Is Dead!
(global web configuration is now stored in applicationHost.config)

Centralized, admin-only configuration store
COM-only interface
Poorly schematized XML format
Built using 1996 era standards

IIS 7 Configuration Enables You To...

Store IIS and ASP.NET settings in web.config
XCopy web settings along with content
Share web settings across multiple servers
Extend configuration with your own schema
… in a clean, well-schematized format

The IIS Snap-in (inetmgr) Is Dead!
(the new administration tool is named webmgr)

Administrator only console
Poorly factored UI (go where for security?)
Difficult to use (one page has that many tabs?)
DCOM remoting

IIS 7 Admin Tool Enables You To...

Manage IIS and ASP.NET in one place
Manage individual sites and apps w/o machine admin privileges
View health, diagnostics, users, more…
Extend with your own Admin UI

Delegated

configure and deploy w/o admin privileges

For More Information…

COM431: IIS 7 Extensibility (Part 2): Building Configuration and UI Modules
Friday 1pm, Room 404AB

The Core Server & ISAPI Is Dead!
(IIS7 is now completely modular, built on public APIs)

All core IIS features implemented in w3core.dll
ISAPI difficult to master, not very flexible
ISAPI unused by IIS team
Built using 1996 era standards

IIS 7 Core Server Enables You To...

Build new IIS modules on full-fidelity APIs
Use native (C/C++) or Managed (C#, VB .NET) code
Use existing ASP.NET modules / handlers
Customize IIS footprint – per site or app

IIS7 Core Web Server Modules

Http Protocol Support
  ValidationRangeModule
  TraceVerbModule
  OptionsVerbModule
  ClientRedirectionModule

Logging and Diagnostics
  HttpLoggingModule
  CustomLoggingModule

Configuration and Metadata Caches
  ConfigurationModule
  UriCacheModule
  SiteCacheModule
  FileCacheModule

Core Web Server
  DirectoryListingModule
  CustomErrorModule
  DynamicCompressionModule
  StaticCompressionModule
  StaticFileModule
  DefaultDocumentModule
  HttpCacheModule

  RequestMonitorModule
  TracingModule

AuthN/AuthZ
  BasicAuthModule
  DigestAuthModule
  WindowsAuthModule
  CertificateAuthModule
  AnonymousAuthModule
  FormsAuthModule
  AccessCheckModule
  UrlAuthorizationModule

Extensibility
  ISAPIModule
  ISAPIFilterModule
  CGIModule
  ServerSideIncludeModule
  ManagedEngineModule

Publishing
  DavModule

Componentized

powerful, flexible building blocks for minimal footprint
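
An added example (not part of the original deck) of auditing the per-site module footprint described above: it merges a server-level module list with a site-level override and flags loaded modules that are not on an allowlist. The XML fragments are constructed, the module names are the ones listed on the slide (a shipped build may name them differently), and the `system.webServer/modules` add/remove/clear layout and the allowlist are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed server-level fragment; module names are the ones listed on the slide.
SERVER_CONFIG = """<configuration><system.webServer><modules>
  <add name="StaticFileModule" />
  <add name="DefaultDocumentModule" />
  <add name="HttpLoggingModule" />
  <add name="AnonymousAuthModule" />
  <add name="DirectoryListingModule" />
  <add name="CGIModule" />
  <add name="DavModule" />
  <add name="TraceVerbModule" />
</modules></system.webServer></configuration>"""

# Constructed site-level override (a web.config that travels with the content).
SITE_CONFIG = """<configuration><system.webServer><modules>
  <remove name="CGIModule" />
  <remove name="DavModule" />
  <add name="UrlAuthorizationModule" />
</modules></system.webServer></configuration>"""

# Hypothetical allowlist for a site that serves only static content.
ALLOWED = {"StaticFileModule", "DefaultDocumentModule", "HttpLoggingModule",
           "AnonymousAuthModule", "UrlAuthorizationModule"}

def effective_modules(*config_layers):
    """Apply add/remove/clear entries layer by layer, outermost first."""
    modules = []
    for layer in config_layers:
        node = ET.fromstring(layer).find("system.webServer/modules")
        if node is None:
            continue  # this layer does not touch the module list
        for entry in node:
            name = entry.get("name")
            if entry.tag == "clear":
                modules.clear()
            elif entry.tag == "remove" and name in modules:
                modules.remove(name)
            elif entry.tag == "add" and name not in modules:
                modules.append(name)
    return modules

def unexpected_modules(modules, allowed=ALLOWED):
    """Modules that are loaded for the site but not on the allowlist."""
    return sorted(set(modules) - set(allowed))

if __name__ == "__main__":
    loaded = effective_modules(SERVER_CONFIG, SITE_CONFIG)
    print("effective:", loaded)
    print("review:", unexpected_modules(loaded))
```
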

For More Information…

COM303 IIS7: Building More Powerful ASP.NET Applications with IIS7
Wednesday 1:45pm, Room 152/153

COM406 IIS7 Extensibility (Part 1): Building New Core Server Modules
Wednesday 11:00am, Room 406AB

IIS 7 Diagnostics Enables You To...

View real-time server state information
Control state of Sites, Apps, AppPools, AppDomains
Log detailed trace events across web platform stack
Automatically log event traces on error conditions
Extend trace logging with your own events

Supportable

easy to diagnose and fix problems

For More Information…

COM320 IIS7 Instrumenting, Diagnosing, and Debugging Web Applications
Wednesday 11:30am, Room 515AB

IIS 7 Compatibility Means…

Existing ISAPI filters and extensions just work
Classic ASP applications just work
ASP.NET v1.1 and v2.0 applications just work
ADSI and WMI scripts just work against new IIS config

Compatible

existing applications just work

IIS 7 Security Enables You To...

Reduce attack surface through componentization
Configure / manage sites and apps w/o admin privileges
Easily secure web sites using unified authn/authz model
Filter requests using built-in module

IIS 7 Summary

Distributed and delegated configuration
Tremendous extensibility, flexibility and customization
Rich diagnostics and troubleshooting support
Committed to compatibility
Continues to build on rock solid IIS 6.0 security

IIS7

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.