iis fundamentals


Upload: riyas-jacksparow

Post on 07-Apr-2018


Page 1: Iis Fundamentals

8/4/2019 Iis Fundamentals

http://slidepdf.com/reader/full/iis-fundamentals 1/18

Chapter 1: IIS Fundamentals


Internet Information Services (IIS) is Microsoft’s suite of applications for the Internet. With support for the web, File Transfer Protocol (FTP), Network News Transfer Protocol (NNTP), and Simple Mail Transfer Protocol (SMTP) for e-mail, IIS is much more than just a web server. Because it is fully integrated at the operating system level, it integrates well with Microsoft .NET applications, and it allows organizations to add Internet capabilities that weave directly into the rest of their infrastructure.

As the Internet becomes more prevalent in our daily lives, the infrastructure behind it becomes more complicated, and the knowledge of how to support that infrastructure becomes more valuable. This chapter will introduce you to Windows Server 2003 (WS03) and the features of IIS 6. It also covers the metabase (which holds all the configuration information for IIS) and the architecture of IIS 6. Let’s get started.

About Windows Server 2003

IIS 6 is the latest version of Microsoft’s web server, and it’s packaged with Windows Server 2003, which comes in four flavors: Web Server, Standard Server, Enterprise Server, and Datacenter Server.

Web Server is a limited functionality version. It gives you everything you need to run a web server, including network load balancing, but it can’t act as a domain controller. It also can’t act as a certificate authority and issue certificates. The upside? Lower price.

Standard Server is your garden-variety server operating system. It offers the standard functionality and is the version most people run.

Enterprise Server gives you everything Standard Server does, plus the ability to make a four-node cluster network configuration. In addition, if the hardware supports it, you can add memory while the server is running. Enterprise Server also allows you to cluster servers together for fault tolerance, rather than just balancing traffic across servers. Enterprise Server will also be released in a 64-bit edition.

Datacenter Server, the big dog of the family, supports the most processors and the most RAM, all at a greater cost. It also offers Microsoft’s Datacenter support program. Datacenter Server includes support for up to eight-node clusters. Like Enterprise Server, Datacenter Server will be released in a 64-bit edition.

Hardware Support in Windows 2003

The big draw of a more expensive version is its hardware support. The following table details the hardware supported by each version of WS03; as you can see, the more expensive the version, the more memory and processors it can support.

                  Web    Standard    Enterprise    Datacenter
Max RAM           2G     4G          32G*          64G*
Max Processors    2      2           8             32

*The Itanium processors support twice the RAM in these versions.

IIS 6: The Complete Reference


Installing Windows 2003

The installation of WS03 is similar to the installation of previous versions of the OS, and since this is a book about IIS, we won’t go into detail about the install. However, here are a few tips to remember about installing WS03:

■ Use NTFS partitioning: Remember to use NTFS partitioning, because an IIS server is typically exposed to the outside world. Even if that’s not the case, the server still needs to be secure. Use NTFS on every partition on the IIS server.

■ Separate OS files from data files: Use more than one partition. With Windows 2003, you can create a really big C drive to store everything, but why would you want to? Multiple partitions help you keep everything more organized, and if you do lose your OS partition, your data has a better chance of surviving.

■ Use TCP/IP: Since the Internet is based on TCP/IP (Transmission Control Protocol/Internet Protocol), you must be using TCP/IP as a network protocol for IIS to work.


A Little History

Before we get started installing IIS, let’s take a trip down memory lane and cover the history of IIS.

Version 1: IIS 1 was available as an add-on to Windows NT 3.51. It didn’t have many features, but it included the standard web, FTP, and gopher services.

Version 2: IIS 2 was included with Windows NT 4. It wasn’t tremendously different from IIS 1.

Version 3: IIS was upgraded to version 3 when Service Pack 3 for Windows NT 4 was installed. It included new features, such as Active Server Pages (ASP).

Version 4: IIS 4 was available with the Windows NT 4 Option Pack. It was a major overhaul of IIS, removed the Gopher service, and greatly enhanced the feature set of IIS.

Version 5: IIS 5 was included with Windows 2000 Server. It was not a major upgrade from IIS 4.

Version 6: IIS 6 represents a fundamental shift in the web services product offering from Microsoft. While the FTP, SMTP, and Network News Transfer Protocol (NNTP) services are not extremely different, the web server component of IIS 6 has a new focus on security and fundamental changes in the way it behaves at its core.


Installing IIS

In Windows 2000 Server, IIS was part of a default installation. However, in WS03, you must install IIS manually. With Microsoft’s new mindset of “off by default,” IIS is no longer part of a default installation.

Here’s how to install IIS:

1. In the Control Panel, click Add Or Remove Programs to open the Add Or Remove Programs dialog box.

2. Click the Add/Remove Windows Components icon on the left. The Windows Components Wizard will pop up.

3. Click Application Server, and then click the Details button.

4. The IIS components are located in the Internet Information Services area.

If you click the IIS checkbox, only the default components will be installed. To install optional components (subcomponents), you must select them manually.

The IIS Subcomponents

As indicated in step 3 in the preceding section, you’ll click Details to see the subcomponents of IIS, which are shown in Figure 1-1.

Choose all the subcomponents you want to install, and then click OK three times to get back to the main Windows Components screen. When you click Next, you may be prompted for the Windows 2003 CD, if it’s not already in the drive.


Figure 1-1. Subcomponents of IIS 


Background Intelligent Transfer Service (BITS) Server Extensions

The BITS Server Extensions contains two components: an Internet Server Application Programming Interface (ISAPI) filter to allow BITS uploads, and the server extensions snap-in.

An ISAPI filter is basically a dynamic link library (DLL) that gets first crack at incoming Hypertext Transfer Protocol (HTTP) code. ISAPI technology is covered in detail in Chapter 17.

BITS allows files to be transferred in the background so as not to interrupt any active users on a system. File transfers are throttled to limit their bandwidth use. If a file is interrupted because of a broken connection, it will continue transferring when the connection is reestablished. When the file is completely transferred, the application requesting that file is notified.

BITS is installed with Windows 2003 and Windows XP, and it is available as an add-on for Windows 2000.

Common Files

You must install this component or IIS won’t work.

File Transfer Protocol (FTP) Service

This component is not installed by default. The FTP service allows for the creation of an FTP server, where users can upload and download files.

FrontPage 2002 Server Extensions

Selecting this component installs the software necessary for users to upload their web sites to the server directly through Microsoft FrontPage or Visual InterDev. This allows web page authors a greater degree of control on your web server, and installing it can also be considered a security risk.

Internet Information Services Manager

This component installs the Microsoft Management Console (MMC) snap-in that allows you to administer IIS. Like Common Files, it’s mandatory.

Internet Printing

This component installs the options that allow you to configure and share printers over HTTP. This option is the same as the Windows 2000 Server web printing options. In WS03, it is now an optional service.

NNTP Service

This component installs the News Server, which allows the creation of newsgroups.


SMTP Service

This installs the SMTP Service, which allows the IIS server to send e-mail. It’s useful for those web sites that let visitors send e-mail.

World Wide Web Service

The World Wide Web Service is the one you’ve been looking for. It provides HTTP services and comprises several subcomponents.

Active Server Pages: The Active Server Pages subcomponent installs the ASP DLL and other files that support ASP for your web server. This option is always installed, although it is disabled by default.

Internet Data Connector: Internet Data Connector (IDC) allows for database connectivity in your web site. This option is always installed.

Remote Administration (HTML): Installing this option enables you to administer IIS remotely through a web browser. This is different from the previous HTML administration options for IIS, with which you could administer only the same server.

Remote Desktop Web Connection: This installs the ActiveX control that allows Internet Explorer web browsers to connect to a terminal server session using the pages provided. This was available in Windows 2000 as the Terminal Services Advanced Client.

Server Side Includes: This provides support for server-side includes and is always installed.

WebDAV Publishing: WebDAV stands for Web-based Distributed Authoring and Versioning. It is a set of extensions to HTTP that allows users to access and manage files on WebDAV published directories on your web server. It is always installed.

World Wide Web Service: This component installs the core WWW service application. Without this, many IIS components won’t function.

IIS Services

Several services run to support IIS; each is listed in the services control panel for WS03. The services that appear depend on which components of IIS are installed. If a component isn’t installed, the associated service will not appear in the services control panel.

IIS Admin Service: This is the main administration service for IIS. All the other services depend on this service, so if this service is stopped, all other IIS services will stop as well.

FTP Publishing: This is the service behind the FTP server component of IIS.


World Wide Web Publishing: This is the service behind the web server component of IIS.

Simple Mail Transfer Protocol (SMTP): This is the service behind the SMTP server component of IIS.

Network News Transfer Protocol (NNTP): This is the service behind the NNTP server component of IIS.

HTTP SSL: This is the service that enables the WWW Publishing service to perform SSL (Secure Socket Layer) certificate functions. The WWW Publishing service depends on this service.

Service dependencies allow services to be linked so that a service that needs another service won’t be started without its partner. Dependencies can be viewed in the Dependencies tab of the Properties window for a service.

The IIS Directory Structure

The core components of IIS are stored at %systemroot%\System32\inetsrv. The directory structure under inetsrv is shown in the following table:

Directory                 Explanation
ASP Compiled Templates    If you use an ASP template for your site, it is stored here.
History                   The history folder for the metabase changes, which allows you to roll back the metabase.
iisadmpwd                 Contains ASP pages dealing with IIS Admin authentication.
MetaBack                  The default directory for metabase backups.

For more information on the metabase, see the section “The Metabase” later in this chapter.

The Administration Web Site

In IIS 6, the administration web site allows you to administer your entire Windows server from a local or remote web browser. The administration web site is located at %systemroot%\System32\ServerAppliance. It runs over SSL on port 8098, by default. To access the administration web site, type in https://machinename:8098 (where machinename stands for the name of the machine you wish to administer) in your web browser’s address line.


IIS Help Files

All the help files in IIS 6 have been moved to a central location, along with all other Windows help files. They are located at %systemroot%\help\iishelp. The best way to access IIS help is to choose Help | Help Topics in the MMC.

The Inetpub Directory

The Inetpub directory is the main content directory of IIS. Under Inetpub are all the content directories for each service installed. The default path for the Inetpub directory is C:\Inetpub.

The content directories under Inetpub are shown in the following table:

Directory       Description
AdminScripts    Contains some Visual Basic scripts for use in administering your IIS server
ftproot         The top level directory for the FTP service
mailroot        The top level directory for the SMTP service
nntpfile        The top level directory for the NNTP service
wwwroot         The top level directory for the default web site

Accounts Used by IIS

Because everything in WS03 has to run within a security context, and an account is required for access, IIS installs two accounts and one group to your account database for its use. These allow IIS to run code and worker processes and allow people to access your site. These accounts and group are discussed next.

IUSR_COMPUTERNAME

This user account grants anonymous access to a web site when a user connects to a web page without any security information of his or her own. This user is not a member of any group other than Guests, by default.

IWAM_COMPUTERNAME

This user account is used to launch worker processes. It is a member of the IIS_WPG group.

IIS_WPG

The members of this group can run worker processes. Any user account that runs worker processes needs to be a member of this group. This is a low security account that has the rights of Network Service. Processes using the Network Service level of rights can access the server as though they were running from outside the server, so they don’t have direct access to the operating system.

You can view these in the Computer Management MMC, in the Administrative Tools group. Here’s how to open Users and Groups:

1. At the Start menu, click Administrative Tools and then Computer Management.

2. In the Computer Management MMC, users and groups are listed separately under Local Users and Groups.

3. However, if this computer is a domain controller, users and groups are located in the Active Directory Users And Computers under Administrative Tools.

Navigating IIS

IIS is managed through an MMC snap-in. The MMC is a framework that allows for a common look and feel across applications. IIS 6 is managed by, simply enough, the IIS snap-in. The IIS MMC is located under Administrative Tools in the Start menu.

The Microsoft Management Console

The IIS Manager snap-in (or MMC), shown in Figure 1-2, allows you to manage all the FTP sites, application pools, web sites, SMTP virtual servers, and NNTP virtual servers on this machine or any other machine to which you connect. By default, you are connected to the local computer: if you right-click your local computer and choose Connect, you can choose to connect to and manage another computer.


Figure 1-2. The IIS Manager snap-in


Managing a Site with the MMC

Across the top of the IIS Manager is a toolbar that allows you to perform basic functions on your site. Above the toolbar, the menu bar contains all the management commands. It’s important that you understand that the MMC is a separate program from IIS, and that not all the options here deal with IIS. They may configure portions of the MMC instead. The toolbar and menu bars will change, depending on what is selected in the left pane of the IIS Manager window.

Typically, the easiest way to manage a component is to use the shortcut menu that appears when you right-click a component. All valid administration commands are listed on this menu. Most of the configuration options are listed under the Properties command.

Local Computer Properties: The properties for the local computer allow you to change the options that globally affect all components of IIS. To access the local computer properties, right-click computername (Local Computer) in the IIS MMC, and then choose Properties. You’ll see the Properties window shown in Figure 1-3. Changing something here requires that IIS be restarted after you make the change.

Two options affect IIS as a whole: Enable Direct Metabase Edit and Encode Web Logs In UTF-8.


Figure 1-3. Local computer Properties window 


The Enable Direct Metabase Edit option allows you to edit the metabase while IIS is running. In previous IIS versions, the metabase was a binary file that could be accessed only with a resource kit utility. Now that it is an XML (eXtensible Markup Language) file, you can edit the metabase with Notepad. You can cut and paste the configuration, save, and it will take effect immediately. This does require the metabase history to be enabled, but since that’s the default, it shouldn’t be a problem.

The Encode Web Logs In UTF-8 option sets the web and/or FTP logs to log in the UTF-8 standard rather than in the local character set. UTF-8 is a standard for encoding text with 8-bit encoding of Unicode characters. One to six octets are used to represent each character. UTF-8 uses a universal character set and preserves the ASCII text for backward compatibility.

The Metabase

The metabase is roughly equivalent to the registry for IIS: it holds all the configuration information for IIS. In previous versions, the metabase was a binary file that could be edited only by the metabase editor, part of the resource kit. In IIS 6, the metabase is a good old XML text file (as shown in Figure 1-4) that can be edited with Notepad. Even though the metabase in IIS 6 is completely different, it is still completely compatible with the IIS 5 metabase, so all the same APIs and scripts still work.


Figure 1-4. View of a metabase file 


The metabase is stored in %systemroot%\system32\inetsrv and is called, appropriately enough, MetaBase.xml. The schema for the metabase is called MBSchema.xml. Because the metabase is a text file, it can easily be edited with any text editor, and it is less likely to be corrupted. Even if the metabase does experience corruption, it can easily be fixed or recovered.

Metabase History

The metabase is backed up and “versioned” periodically by IIS. Two version numbers are used for the metabase: a major version number and a minor version number. The names of the backup files are MetaBase_[10 digit major version number]_[10 digit minor version number].xml and MBSchema_[10 digit major version number]_[10 digit minor version number].xml (for example, MBSchema_0000000160_0000000000.xml).

By default, ten copies of the metabase files are stored. This allows the metabase to be rolled back to any of these previous versions. The number of metabase versions kept is configurable by editing the MaxHistoryFiles property in the metabase. As a general rule, you shouldn’t configure fewer than ten copies of the metabase history to be kept. Each time the metabase is saved, a backup copy of the metabase and corresponding schema are made in the history folder. IIS checks to see how many history file pairs are present, and if more files are present than the value of MaxHistoryFiles, IIS deletes the oldest pair.
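The naming rule and pruning behaviour described above, as an added example that is not from the book or from Microsoft: a Python sketch that parses a history folder listing, pairs each MetaBase file with its MBSchema file, and reports which pairs exceed MaxHistoryFiles. The listing is constructed, treating the lowest version number as the oldest pair is an assumption, and the sketch reports every excess pair at once rather than one per save.

```python
import re
from collections import defaultdict

# Name pattern stated in the chapter:
#   MetaBase_<10-digit major>_<10-digit minor>.xml
#   MBSchema_<10-digit major>_<10-digit minor>.xml
HISTORY_NAME = re.compile(
    r"^(MetaBase|MBSchema)_(\d{10})_(\d{10})\.xml$", re.IGNORECASE
)
BOTH_KINDS = {"metabase", "schema"}


def parse_history_name(name):
    """Return (kind, major, minor), or None if the name does not match."""
    match = HISTORY_NAME.match(name)
    if match is None:
        return None
    kind = "metabase" if match.group(1).lower() == "metabase" else "schema"
    return kind, int(match.group(2)), int(match.group(3))


def audit_history(names, max_history_files=10):
    """Group history files into version pairs and apply the retention rule.

    Assumption (not stated on the page): the "oldest" pair is the one with
    the lowest (major, minor) version number.
    """
    versions = defaultdict(set)
    unrecognized = []
    for name in names:
        parsed = parse_history_name(name)
        if parsed is None:
            # Not a history file name; worth a look in a folder IIS manages.
            unrecognized.append(name)
            continue
        kind, major, minor = parsed
        versions[(major, minor)].add(kind)

    complete = sorted(v for v, kinds in versions.items() if kinds == BOTH_KINDS)
    # A version with only one of the two files cannot be rolled back as a pair.
    orphaned = sorted(v for v, kinds in versions.items() if kinds != BOTH_KINDS)
    excess = max(0, len(complete) - max_history_files)
    return {
        "complete_pairs": complete,
        "orphaned_versions": orphaned,
        "unrecognized": unrecognized,
        "would_prune": complete[:excess],
        "latest": complete[-1] if complete else None,
    }


def sample_listing():
    """Constructed directory listing: 12 complete pairs, 1 orphan, 1 stray file."""
    names = []
    for major in range(150, 162):
        names.append(f"MetaBase_{major:010d}_{0:010d}.xml")
        names.append(f"MBSchema_{major:010d}_{0:010d}.xml")
    names.append("MetaBase_0000000162_0000000001.xml")  # schema file missing
    names.append("MetaBase_162.xml.bak")                # does not match the pattern
    return names


if __name__ == "__main__":
    report = audit_history(sample_listing(), max_history_files=10)
    for key, value in report.items():
        print(f"{key}: {value}")
```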

History Folder Location

By default, the history folder is located at %systemroot%\system32\inetsrv\history. This is configurable by changing the registry key under HKEY_LOCAL_MACHINE\Software\Microsoft\InetMGR\Parameters\. Add a new string value named MetadataFile. The value of the MetadataFile key should be the absolute pathname of the location to which you want to store the metabase files (for example: D:\IISMetadata\ThisIsMyMetabase.xml).

As always, editing the registry is a dangerous thing, and the usual warnings apply. Be very, very careful.

When you change the location of the metabase files, make sure all the metabase files are moved to the new location, or else when IIS starts up, it will create the default metabase in the new location. The changes to the metabase location will not take effect until the IIS Admin and World Wide Web Publishing service are restarted.

Backing Up and Restoring the Metabase

While you can use history files to restore metabase configuration files, performing a backup of the metabase has some advantages. For one, metabase history files can be used only on the computer on which they were created, while backups can be restored to another computer. The metabase can be backed up on demand through the IIS MMC.


The metabase can be fully backed up and restored using the Backup/Restore Configuration option in the IIS MMC. To access it, highlight the computer in IIS, and choose Action | All Tasks | Backup/Restore Configuration.

From the Configuration Backup/Restore dialog box shown in Figure 1-5, you can choose to back up, restore, or delete a metabase backup. All the metabase backups appear here.

The Backup Option

When you create a backup, you must specify a backup name. The backup file is located in %systemroot%\System32\Inetsrv\MetaBack. The metabase has a .MD0 extension, and the schema has a .SC0 extension. Each backup with the same name will increment the number in the extension to preserve the previous backup. The password option encrypts the backup with the password you specify. It can be decrypted only with the same password. This allows a web site to be moved from one computer to another, while keeping the metabase secure.

Moving the metabase to another computer works well only if the drive configuration is the same on the new computer. Because pathnames are stored in the metabase, if your content is on a different drive, the web site won’t work properly. Extra care must also be taken if the site has an SSL certificate.


Figure 1-5. Backup/restore configuration


The Restore Option

To restore a configuration, choose that configuration, and then click the Restore button. When you click Restore, a warning will pop up, informing you that all your settings will be wiped out (they’ll be restored to the saved configuration) and that all the services will be stopped and restarted. This action is not to be undertaken on a whim.

The Delete Option

To delete a metabase backup, choose the backup and click Delete. You will be asked if you are sure you want to delete, and if you say Yes, the backup is deleted.

Metabase Snapshots

Another way to back up the metabase is to use Windows Backup Utility. The Backup Utility uses the Metabase Snapshot Writer automatically to make sure the MetaBase.xml and MBSchema.xml files are successfully backed up. When the Backup Utility detects that the drive to be backed up contains the metabase, it writes the in-memory metabase to the files and prevents anything from being added to the in-memory metabase for up to two minutes.

The Metabase Snapshot Writer is not used during Backup Utility restores. If you are going to restore the metabase files, make sure that you stop the IIS services first, so you don’t risk data loss.

Editing the Metabase

When the Enable Direct Metabase Edit option is enabled in the Properties window (see Figure 1-3), you can use a few different methods to modify the metabase while IIS is running.

Notepad or Text Editor

A favorite for those of you who like doing things by hand, a text editor can be used to edit the metabase directly. Just open the MetaBase.xml file, make the changes, and save. They’ll take effect immediately.

IIS WMI Provider

Microsoft has a new push for all its programs to be accessible to Windows Management Instrumentation (WMI). So you should be able to use WMI to access the same configuration items you could through the user interface. WMI edits the saved copy of the metabase on the disk.


IIS ADSI Provider

ADSI, the Active Directory Scripting Interface, edits the copy of the metabase in memory. ADSI creates an instance of the metabase object that you can manipulate programmatically.

Editing the metabase is explained in further detail and some examples are given in Chapter 9.

The Metabase Schema

The metabase schema is loaded into memory with the metabase when IIS initializes. It contains the definitions for all the properties that can be written to the keys in the metabase. The schema also enforces these definitions to a certain extent. As long as a property is written as an in-schema property, it works because it has been defined. This can be overridden by using a custom property in the MetaBase.xml file, which is essentially creating your own definition for a property. The goal here is to define all the properties used, rather than limiting you to a certain few variables. While editing the metabase isn’t difficult, editing the metabase schema isn’t recommended.

IIS 6 Architecture

If you’ve worked with previous versions of IIS, you’ll notice some significant improvements with IIS 6. Version 6 is designed to be much more stable and secure than previous versions. As you’re going through this information, keep in mind that this is referring to the web server component of IIS. In IIS 6, FTP, SMTP, and NNTP still run in the inetinfo.exe process.

Previously in IIS (see Figure 1-6), everything ran in the inetinfo.exe process or out of process in dllhost.exe. An errant web site running in inetinfo.exe could take down the entire web service, causing an outage. IIS 6 separates web-server code from application-handling code with a kernel-mode HTTP listener, http.sys, and the Web Administration Service (WAS), which is a user-mode configuration and process manager (see Figure 1-7). These programs don’t run any third-party code, so they can’t be affected by an errant web site. The code is run in a worker process. These worker processes are run by the application w3wp.exe. Each copy of w3wp.exe is another worker process. These worker processes are separate from each other and from the kernel so that they can be isolated from the operating system.

Figure 1-6. Diagram of web server process—IIS 5

In process refers to code that runs in the same process as the parent. Out of process refers to code that is run in a separate process.

Worker Process Isolation Mode

The IIS 6 web service runs all application code in an isolated environment. This is called Worker Process Isolation Mode. This type of functionality was previously available in IIS, but it inflicted a significant performance penalty. Since everything in IIS 6 is run out of process by design, there is no performance hit. Previous versions of IIS also relied on user mode processes to route requests to each other. In IIS 6, requests are pulled directly from the kernel, completely isolating worker processes from each other. This helps when two applications need to be isolated from each other for security reasons. For now, other IIS services (such as FTP and SMTP) still run in inetinfo, just as in IIS 5. Perhaps the next version will introduce worker process isolation for these services, but at the present time, they do have the ability to affect the inetinfo process.

IIS 5.0 Isolation Mode

Sometimes, worker process isolation can cause issues with applications that need to access data across instances or perform in an IIS 5 application pool environment. In this case, IIS can switch to what’s called IIS 5 isolation mode. This mode operates like IIS 5 and allows these applications to perform in the IIS 5 application pool environment, while still allowing the kernel mode http.sys to queue and cache requests.


Figure 1-7. Diagram of web server process—IIS 6 


Most web sites will work just fine under IIS 6, but a few events would force you to use isolation mode and abandon worker process recycling:

■ Multi-instance ISAPIs that are written to be used multiple times simultaneously by different processes

■ Read raw-data filters that would try to grab all the data before it hits a web site

■ In-process session state variables, because they are lost every time a worker process is recycled

■ Applications that farm out work to their own worker processes

Enabling IIS 5.0 Isolation Mode: Enabling isolation mode must be done at the root level for the Web Sites folder in the IIS MMC. This is done for all web sites on this server as a whole—you cannot enable it on a per-web-site basis. Here’s how it’s done:

1. Open the IIS MMC.

2. Right-click the Web Sites folder and choose Properties.

3. Click the Service tab. Note that this tab is available only at this level.

4. Place a check mark in the box to Run WWW Service In IIS 5.0 Isolation Mode.

5. Click OK to return to the IIS MMC.

Application Pools

IIS introduces a whole new way of handling applications. Application pools allow code to be run in an isolated environment. Each application pool is serviced by one or more worker processes. When IIS starts, the Web Administration Service initializes the http.sys namespace routing table with one entry for each application. This routing table determines to which application pool an application should be routed. When http.sys receives a request, it asks WAS to start up one or more worker processes to handle that application pool. This isolation of processes makes the web server as a whole more stable.

Health Monitoring

The WAS is able to keep IIS healthy by keeping track of the worker processes and monitoring their health. It can control these processes to keep them from causing IIS to stop responding. WAS keeps track of worker processes by pinging them at periodic intervals. If a worker process fails to respond to a ping, WAS terminates the process and starts a new one. This enables the system to keep responding to requests, even when a worker process gets hung up. If a process crashes and the worker process hangs, http.sys will queue up the requests until WAS starts a new worker process to handle that application pool. The end user will experience a temporary loss of service with applications in that application pool, while the core web services and any other applications will continue to function.


Orphaning Worker Processes

WAS can also be configured to orphan a worker process instead of merely terminating it. This allows the bad worker process to be examined to determine what happened. WAS can be configured to run a command on the worker process (such as a debugger) when it orphans a worker process. Worker processes can be periodically restarted in addition to being automatically restarted on failure. This allows the system to reduce the effect of memory leaks by periodically reinitializing the environment and returning that memory to the system. When WAS restarts a worker process, it creates a new worker process and tells the existing one to finish what it’s doing in a certain time frame and then shut down. This allows the application to stay up, while refreshing the worker processes behind it. If the worker process does not shut down within the allowed time frame, it is terminated.

Worker processes can be restarted based on the following criteria:

■ Elapsed time

■ Number of requests

■ Time of day

■ Memory usage

■ Idle time

■ CPU time used

Scalability

Worker process isolation mode also allows for better scaling of the web server. Thousands of sites can exist on a server with this configuration. Each application pool can be throttled individually, limiting the individual application pool to a certain amount of processor time.

Web Gardens

Multiple worker processes can be set up to handle a single application pool. This is called a web garden. Web gardens allow for better multiprocessor scalability, since each worker process can have an affinity for a single processor, to increase the cache hits on that processor. If one worker process gets bogged down, the other ones can take up the slack. It also reduces the need to reboot the server, even when upgrading components, because the application pool can merely be restarted.

The number of requests that should be queued for each application pool can be set in http.sys when running in worker process isolation mode. When this limit is reached, new requests to the full application pool are not processed, and the user gets an HTTP 503 error.

For more details on application pools and these options, see Chapter 2.