Managing PHP and PHP Managing PHP and PHP Applications on WindowsApplications on Windows

Drew RobbinsDrew RobbinsDeveloper EvangelistDeveloper EvangelistMicrosoft CorporationMicrosoft Corporation

Today’s Agenda…Today’s Agenda…

IIS 6.0 and IIS 7.0 PillarsIIS 6.0 and IIS 7.0 Pillars

Configuring PHP ApplicationsConfiguring PHP Applications

Securing PHP on WindowsSecuring PHP on Windows

Extending PHP ApplicationsExtending PHP Applications

Managing your IIS 7.0 SystemsManaging your IIS 7.0 Systems

Troubleshooting & DiagnosticsTroubleshooting & Diagnostics

SummarySummary

Scale-up/scale-outScale-up/scale-outKernel-mode cachingKernel-mode cachingIntegrated application platformIntegrated application platform

ScalabilityScalability

XML-based configurationXML-based configurationCommand line administrationCommand line administrationRemote administrationRemote administration

SystemSystemManagementManagement

Fault tolerant architectureFault tolerant architectureHealth monitoringHealth monitoringIntelligent queuingIntelligent queuing

ReliabilityReliability

Secure by defaultSecure by defaultSecure by designSecure by designSecure in deploymentSecure in deployment

SecuritySecurity

IIS 6.0 PillarsIIS 6.0 Pillars

To the Next Level, IIS 7.0 PillarsTo the Next Level, IIS 7.0 Pillars

Distributed, delegatable configurationDistributed, delegatable configurationRich ExtensibilityRich ExtensibilityIntegrated Configuration for Web PlatformIntegrated Configuration for Web Platform

ConfigConfig

Innovative, Brand-new IIS ManagerInnovative, Brand-new IIS ManagerAppCmd.exe: Command line administrationAppCmd.exe: Command line administrationHttp & Https Remote administrationHttp & Https Remote administration

SystemSystemManagementManagement

Brand-new State APIBrand-new State APIEasy-to-setup & Use Failed Request TracingEasy-to-setup & Use Failed Request TracingIIS & ASP.NET Integrated DiagnosticsIIS & ASP.NET Integrated Diagnostics

DiagnosticsDiagnostics

Customized, Componentized Web ServerCustomized, Componentized Web ServerReduced management of PatchesReduced management of PatchesURLScan built-in FunctionalityURLScan built-in Functionality

SecuritySecurity

Brand new Win32 APIBrand new Win32 APIIntegrated support for iHttpModules (ASP.NET)Integrated support for iHttpModules (ASP.NET)ExtensibilityExtensibility

SecureSecure

ReliableReliable

ScalabilityScalability

IIS 7.0

Metabase is goneMetabase is gone

Central File: ApplicationHost.configCentral File: ApplicationHost.configStrongly typed SchemaStrongly typed Schema

Uses ASP.NET semantics for .config filesUses ASP.NET semantics for .config files

Full Distributed ConfigurationFull Distributed ConfigurationUse only ApplicationHost.config using IIS 7 defaultsUse only ApplicationHost.config using IIS 7 defaults

Unlock: Give application developers control of Unlock: Give application developers control of individual sections, collections, elements, and more!individual sections, collections, elements, and more!

New scripting and command line tools for New scripting and command line tools for configuration.configuration.

Configuration & IIS 7.0Configuration & IIS 7.0

Demonstration OneDemonstration One

Configuring PHPConfiguring PHP

Slim & EfficientSlim & EfficientInstall only the components you needInstall only the components you need

Reduce attack surface to minimumReduce attack surface to minimum

Five timesFive times more granular than existing IIS more granular than existing IIS versionsversions

Servicing and patching on a per component Servicing and patching on a per component basisbasis

If you don’t install it, you If you don’t install it, you won’twon’t need to patch it need to patch it

Security & IIS 7.0Security & IIS 7.0

Demonstration TwoDemonstration Two

Securing PHP on WindowsSecuring PHP on Windows

Core ServerCore ServerBrand new Win32 Native InterfaceBrand new Win32 Native Interface

ALL IIS modules written using this interfaceALL IIS modules written using this interfaceUnlike ISAPI, IIS team uses this very API just like you willUnlike ISAPI, IIS team uses this very API just like you will

Full ASP.NET 2.0 SupportFull ASP.NET 2.0 SupportiHttpModule Interface available TODAY supportediHttpModule Interface available TODAY supportedASP.NET 2.0 Handlers run exactly as they do todayASP.NET 2.0 Handlers run exactly as they do today

ConfigurationConfigurationFully extensible using XML schema filesFully extensible using XML schema files

IIS Manager (User Interface)IIS Manager (User Interface)Using .NET 2.0, extend IIS Manager capabilitiesUsing .NET 2.0, extend IIS Manager capabilities

DiagnosticsDiagnosticsAdd your events directly into our pipelineAdd your events directly into our pipeline

Extensibility & IIS 7.0Extensibility & IIS 7.0

Today’s “Request Pipeline”Today’s “Request Pipeline”

w3svc

http.sys

cgicgi staticstaticfilefile

IsapiIsapiextsexts

handlershandlers

Pre-proc headersPre-proc headers

auth’c reqauth’c req

url mapurl map

loglog

End net sessionEnd net session

ISAPI Filter ISAPI Filter NotificationsNotifications

aspnet_isapi.aspnet_isapi.dlldll

IHttpModule EventsIHttpModule Events

url mapurl map

begin reqbegin req

auth’c reqauth’c req

auth’z reqauth’z req

resolve cacheresolve cache

handler maphandler map

handler exechandler exec

update req cacheupdate req cache

rel req staterel req state

end reqend req

IHttpHandlersIHttpHandlers

Trace.axdTrace.axd PageHandlerPageHandler

w3wp.exew3wp.exe

custom errorscustom errors

authenticationauthentication

logginglogging

compressioncompression

determine handlerdetermine handler

beginbegin

authenticateauthenticate

authorizeauthorize

resolve cacheresolve cache

map handlermap handler

acquire stateacquire state

pre-execute handlerpre-execute handler

executeexecute handlerhandler

release staterelease state

update cacheupdate cache

loglog

endend

forms authforms authwindows authwindows auth

digest authdigest auth

basic authbasic auth

IHttpModuleIHttpModule

*.aspx*.aspx trace.axdtrace.axd

IHttpHandlerIHttpHandler

isapi extisapi extstatic filestatic file

Native ModuleNative Module

Native HandlerNative Handler

native modulesnative modulesmanaged modulesmanaged modules

role mgrrole mgr

url auth’zurl auth’z

The New The New MergedMerged IIS7 Pipeline IIS7 Pipeline

was

http.sys

Demonstration ThreeDemonstration Three

Extending PHPExtending PHP

Wizards that Wizards that fully-complete fully-complete common taskscommon tasksFully delegable Fully delegable support to support to Windows/Non-Windows/Non-Windows Windows accountsaccountsEnhanced Enhanced support for support for common common ASP.NET ASP.NET configurationconfigurationWizard-based Wizard-based support for IIS support for IIS Troubleshooting Troubleshooting featuresfeatures

System Management & IIS 7.0: User InterfaceSystem Management & IIS 7.0: User Interface

Re-built WMI Re-built WMI provider provider offering full offering full support for support for new new configurationconfiguration

Fully Fully extensible to extensible to allow support allow support for your for your custom codecustom code

System Management & IIS 7.0: WMI ProviderSystem Management & IIS 7.0: WMI Provider

Set oService = GetObject("winmgmts:root\WebAdministration")

' Create binding for siteSet oBinding = oService.Get("BindingElement").SpawnInstance_oBinding.BindingInformation = "*:80:www.site.com"oBinding.Protocol = "http"

' Create site oService.Get("Site").Create _ "NewSite", array(oBinding), "C:\inetpub\wwwroot"

' Create application oService.Get("Application").Create _ "/foo", "NewSite", "C:\inetpub\wwwroot\foo"

AppCmd.exe offers quick access to new AppCmd.exe offers quick access to new IIS 7 configurationIIS 7 configuration

Quick, efficient access to new IIS 7 Quick, efficient access to new IIS 7 configurationconfiguration

Mirrors *.vbs files from IIS 6.0Mirrors *.vbs files from IIS 6.0

Built-in “pipe” supportBuilt-in “pipe” support

System Management & IIS 7.0: AppCmd.exeSystem Management & IIS 7.0: AppCmd.exe

C:\> C:\> appcmd list sitesappcmd list sitesSITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)SITE "Site1" (id:2,bindings:http/*:81:,state:Started)SITE "Site1" (id:2,bindings:http/*:81:,state:Started)SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)

C:\> C:\> appcmd list requestsappcmd list requestsREQUEST "fb0000008000000e" (url:GET /wait.aspx?REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost) time=10000,time:4276 msec,client:localhost)

WMIv2 & ADSI WMIv2 & ADSI SupportSupport

Existing Scripts will Existing Scripts will “just work”“just work”

Installing Metabase Installing Metabase support is easysupport is easy

Low-level interface Low-level interface to “re-route” Admin to “re-route” Admin Base Object (ABO) Base Object (ABO) calls to new calls to new configurationconfiguration

Relies on Relies on Inetinfo.exe service Inetinfo.exe service be presented and be presented and loadedloaded

System Management & IIS 7.0: CompatibilitySystem Management & IIS 7.0: Compatibility

Demonstration FourDemonstration Four

Managing IIS 7.0Managing IIS 7.0

New, in-process state information availableNew, in-process state information availableCurrent processes runningCurrent processes running

Application Pools Process Id (PID)Application Pools Process Id (PID)

Currently executing requestsCurrently executing requests

AppDomains loadedAppDomains loaded

Real-time starting & stopping of sitesReal-time starting & stopping of sites

Troubleshooting & Diagnostics in IIS 7.0: RSCATroubleshooting & Diagnostics in IIS 7.0: RSCA

Coolest feature of Coolest feature of ‘em all…‘em all…

Failed Request Failed Request Tracing traces all Tracing traces all requests through IIS requests through IIS pipelinepipelineAutomatically Automatically enabled on IIS 7enabled on IIS 7Easily identifies Easily identifies requests that are requests that are stuck, or failingstuck, or failingIdentifies time taken Identifies time taken in each module, in each module, helping analyzing helping analyzing long running long running requestsrequests

Begin RequestBegin Request

Read MetadataRead Metadata

AuthenticateAuthenticate

AuthorizeAuthorize

CachedCached

ISAPI FilterISAPI Filter

Determine Determine HandlerHandler

Troubleshooting & Diagnostics in IIS 7.0: FREBTroubleshooting & Diagnostics in IIS 7.0: FREB

Demonstration FiveDemonstration Five

Failed Request Event BufferFailed Request Event Buffer

IIS 7 ExtensibilityIIS 7 Extensibility

Maximum Maximum extensibilityextensibility

Native & Managed Native & Managed Code supportCode support

Platform extensibility Platform extensibility in Core Server, WMI, in Core Server, WMI, User Interface, and User Interface, and DiagnosticsDiagnostics

Putting it all Together…SummaryPutting it all Together…SummaryIIS 7.0IIS 7.0

SecuritySecurity

ReliabilityReliability

ScalableScalable

ExtensibleExtensible

ConfigConfig

SystemSystemManagementManagement

DiagnosticDiagnostic IIS 7 ManagementIIS 7 Management• IIS Manager rebuilt IIS Manager rebuilt

from ground upfrom ground up• Built in delegation Built in delegation

supportsupport• Support Windows & Support Windows &

non-Windows accountsnon-Windows accounts• Remote admin supportRemote admin support• Fully extensibleFully extensible

IIS 7 Security:IIS 7 Security:Very strong Very strong customized web customized web serversserversLightweight Lightweight processes for processes for minimum footprintminimum footprintStrong Request Strong Request Filtering to push Filtering to push URLScan into URLScan into productproduct

IIS 7 DiagnosticsIIS 7 DiagnosticsReal-time state Real-time state information exposed information exposed via script & managed via script & managed codecodeView currently View currently executing requests in executing requests in IIS Manager or ScriptIIS Manager or ScriptFailed Request Failed Request Tracing: Zero-repro Tracing: Zero-repro diagnosticsdiagnostics

IIS 7 ConfigurationIIS 7 ConfigurationMetabase…GONE!Metabase…GONE!Strongly Strongly SchematizedSchematized Configuration ConfigurationDistributed & Distributed & Delegation built Delegation built directly into new directly into new configurationconfigurationFull support for Full support for previous versions previous versions usage of ABOusage of ABO

IIS’s new home for the IIS’s new home for the community…community…

ResourcesResourcesTechnical Chats and Webcastshttp://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/usa/webcasts/default.asp

Microsoft Learning and Certificationhttp://www.microsoft.com/learning/default.mspx

MSDN & TechNet http://microsoft.com/msdnhttp://microsoft.com/technet

Virtual Labshttp://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

Newsgroupshttp://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx

Technical Community Siteshttp://www.microsoft.com/communities/default.mspx

User Groupshttp://www.microsoft.com/communities/usergroups/default.mspx

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.