Monday, 2 January 2012

IIS


What is IIS?
IIS Manager is a graphical interface for configuring your application pools or your Web, FTP, SMTP, or NNTP sites. With IIS Manager, you can configure IIS security, performance, and reliability features. You can add or delete sites; start, stop, and pause sites; back up and restore server configurations; and create virtual directories for better content management, to name only a few of the administrative capabilities. In previous releases of IIS, this tool was called the Internet Service Manager.
What is the full form of IIS?
Internet Information Server.
What is a Web service extension and how do I use the Web Service Extensions folder? (IIS 6.0)
The Web Service Extensions folder is the user interface for the new IIS 6.0 lockdown feature. This feature is a manifest of ISAPI extensions and CGIs with user-specified permissions, meaning, administrators must set the permissions to allow specific ISAPIs and CGIs to run on your server. Administrators can also specify the names of ISAPIs or CGIs that are forbidden to run on your server. Before loading an ISAPI extension .dll file or CGI .exe file, IIS checks this manifest for the permissions on the file. If the file is permitted to run, then the request proceeds normally. If the file is not permitted to run, then IIS returns a 404.2 error response to the client machine. The HTML page for a 404.2 error looks like a standard 404 error page, so the client machine processes the request as though the file did not exist. IIS logs the 404.2 error, which administrators can view to assess problems or potential threats against the server.
How do I publish documents or Web pages? (IIS 6.0)
1.Move your files to the \Inetpub\Wwwroot directory.
2.Type http://servername/filename in the address bar of your Internet browser to see your published files.
How do I create a virtual directory on a Web or FTP site? (IIS 6.0)
You can use IIS Manager to create virtual directories on your Web site.
How do I create a Web site?
When you install IIS on a computer running a member of the Windows Server 2003 family, a default Web site is set up for you. You can publish your content here immediately.
How do I create multiple Web sites?
To create multiple Web sites, you must first ensure that each site has unique identification. To accomplish this, you need to contact your network administrator to either obtain multiple IP addresses or to assign multiple host header names.
How do I stop and restart Internet services?
By using the "IISRESET" command
Can I change the name of my Web site and also redirect requests for the old site name to the new one?
You can configure your Web site to respond to both the old name and the new name, provided your network correctly routes both requests to your computer. This way, visitors can still reach your site by using the old name, and will be informed of the new name.
How can I confirm that a server certificate is attached to a Web site?
1.In IIS Manager, right-click the Web site, and click Properties.
2.Click the Directory Security tab.
3.Under Secure communications, if the View Certificate button is activated, there is a certificate attached to the Web site. If the button is not activated, you must attach a server certificate to the site to use the Secure Sockets Layer (SSL) features.
Can I attach more than one server certificate to a Web site?
No. Each Web site can have only one server certificate attached to it.
Can I attach the same server certificate to more than one site?
Yes. A server certificate can be attached to as many Web sites as needed.
Can I attach a server certificate to an FTP site?
No. FTP sites do not support Secure Sockets Layer (SSL) features.
Should I create a backup copy of my server certificate?
Yes. Your server certificate is a valuable investment, and is the key to your server's Secure Sockets Layer features. To create a backup copy of your server certificate, copy the entire certificate on to a floppy disk and store it in a safe place.
Does ASP debugging work in IIS 6.0 worker process isolation mode?
Yes, when you configure Launch and Access permissions to enable ASP debugging in worker process isolation mode for Script Debugger and Visual InterDev.
What are the new features in IIS7?
1. Simple, Configurable Command Line Setup · Install only the IIS components needed to run your site Example: start /w pkgmgr /l:log.etw /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-Security;IIS-ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI 2. Great Compatibility Story · Most (99%+) ASP and ASP.NET applications just worked.
ü One application encountered breaking change ü Handful of applications required config migration to run in Integrated (We have about 260 applications running on www.microsoft.com as defined by IIS, there are thousands of pages of code that could have broken but didn’t.) · Integrated Pipeline is the new unified request processing pipeline. Benefits include: ü Allowing services provided by both native and managed modules to apply to all requests, regardless of handler. For example, managed Forms Authentication can be used for all content, including ASP pages, CGIs, and static files. ü Empowering ASP.NET components to provide functionality that was previously unavailable to them due to their placement in the server pipeline. For example, a managed module providing request rewriting functionality can rewrite the request prior to any server processing, including authentication, takes place. ü A single place to implement, configure, monitor and support server features. For example, single module and handler mapping configuration, single custom errors configuration, single url authorization configuration. · Classic ASP mode allows for easy app migration ü ASP.NET Setup provides a “Classic .NET AppPool” ü For more information on check out the article ASP.Net Integration With IIS7 · Use AppCmd to migrate apps to Integrated mode ü %windir%\system32\inetsrv\APPCMD.EXE migrate config <application path> ü For more information about AppCmd.exe see Getting Started With AppCmd.exe · IIS 6.0 Metabase compatibility layer ü Allows you the run old ADSI scripts ü IIS6.0 Metabase Compatibility module must be installed
3. No More Metabase! · Clean clear-text schema · IIS settings stored in XML configuration file (applicationHost.config) ü Metabase exists for SMTP/NNTP/FTP only · Site-wide changes made easily ü Update central applicationHost.config and copy to all web servers ü Replaces our bulky ADSI based script solution for metabase changes · Microsoft.com considerations ü Careful copying to production servers under load: (Know Thy Environment! When you push out a new applicationHost.config those affected worker process need to reload the new configuration. It comes down to the scope of the change. For example, if you are making a global change that that affectes all the worker processes, and you are heavily dependent on caching then you could cause some grief in your environment as those new configurations are reloaded by the worker processes.)
4. Centralized Configuration · applicationHost.config stored on UNC share · Allows us to copy to two (maybe four) servers rather than 80 ü Potential gotcha - managing password changes for account used to connect to config store (This is because that currently you cannot use the UNC share that is running under the Network service, which we use heavily. It currently requires a domain account, which our security policy mandates a periodic password change.)
5. Delegated Configuration · Admin can now delegate IIS settings to application owner · Settings defined in web.config file in application directory · Example of setting to delegate include: ü System.webServer section of applicationHost.config ü Caching, defaultDocument, httpErrors, security
6. AppCmd and Other New Management Options · Managing via the UI ü New modular, task-based look and feel ü Moving away from the right-click/properties paradigm · Managing via the Command Line ü AppCmd § Command line utility which replaces adsutil.vbs, iisapp.vbs, and others § Allows command line management of sites, applications, vdirs, apppools, modules, tracing, and more ü Powershell § IIS community creating IIS-specific Powershell cmdlets · MSCOM Considerations ü AppCmd limitations – no remote ü No IIS provider for Powershell
7. Failed Request Tracing · Buffers the trace events for requests and flushes them to disk if they meet your failure criteria · Captures trace data while you’re sleeping · Very little perf impact when targeting failing requests · Quick test: Enabling tracing for all file extensions and errors results in approx 5% fewer requests/sec at full stress load (please don’t do this in production) · View Currently Executing Requests via AppCmd ü appcmd list requests (for all request) ü appcmd list requests /apppool.name:DefaultAppPool REQUEST "3e00000080012675" (url:GET /casestudies/casestudy.aspx?casestudyid=201269, time:2954 msec, client:127.0.0.1) · New Task Scheduler ü Trigger tasks on events
8. Request Filtering · No more URLScan · settings in applicationHost.config · Gotcha for Microsoft.com: If filename includes “+” then allowDoubleEscaping must be set to “true” ü · Allow or disallow specific file extensions and verbs ü · DenyURLSequences ü ü · RequestLimits ü maxAllowedContentLength="1000000“ ü maxUrl="260“ ü maxQueryString="2048" 9. UNC Content · Simplified content synchronization · Reduced H/W footprint (potentially less cost) ü Common industry pain point 10. Output Caching of Dynamic Content · Fewer off-box calls to backend dependencies · Significant performance gains · Simple WCAT (Web Capacity Analysis Tool) Stress Test against www.microsoft.com/en/us/default.aspx Not appropriate for all applications (e.g. not effective for those with very personalized output)


No comments:

Post a Comment