Specializations

Thursday, January 3, 2013

IIS



What is IIS?
IIS Manager is a graphical interface for configuring your application pools or your Web, FTP, SMTP,
or NNTP sites. With IIS Manager, you can configure IIS security, performance, and reliability features.
You can add or delete sites; start, stop, and pause sites; back up and restore server configurations;
and create virtual directories for better content management, to name only a few of the administrative
capabilities. In previous releases of IIS, this tool was called the Internet Service Manager.
What is the full form of IIS?
Internet Information Server.
What is a Web service extension and how do I use the Web Service Extensions folder? (IIS 6.0)
The Web Service Extensions folder is the user interface for the new IIS 6.0 lockdown feature. This
feature is a manifest of ISAPI extensions and CGIs with user-specified permissions, meaning,
administrators must set the permissions to allow specific ISAPIs and CGIs to run on your server.
Administrators can also specify the names of ISAPIs or CGIs that are forbidden to run on your server.
Before loading an ISAPI extension .dll file or CGI .exe file, IIS checks this manifest for the permissions
on the file. If the file is permitted to run, then the request proceeds normally. If the file is not permitted
to run, then IIS returns a 404.2 error response to the client machine. The HTML page for a 404.2 error
looks like a standard 404 error page, so the client machine processes the request as though the file did
not exist. IIS logs the 404.2 error, which administrators can view to assess problems or potential threats
against the server.
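One way to pull those 404.2 entries out of a W3C extended log, as an added example that is not part of the original post. The log lines are constructed sample data, and the script assumes `sc-substatus` logging is enabled and takes the column order from each `#Fields:` directive:

```python
from collections import Counter

# Constructed sample in W3C extended log format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2013-01-03 10:00:01 192.0.2.10 GET /default.htm 200 0 0
2013-01-03 10:00:05 192.0.2.44 GET /scripts/tool.exe 404 2 1260
2013-01-03 10:00:06 192.0.2.44 POST /cgi-bin/old.dll 404 2 1260
2013-01-03 10:00:09 192.0.2.10 GET /missing.htm 404 0 2
#Fields: date time cs-method cs-uri-stem c-ip sc-status sc-substatus
2013-01-03 11:00:00 GET /Scripts/Tool.exe 198.51.100.7 404 2
"""

def lockdown_denials(lines):
    """Yield one dict per request that was refused with 404.2."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # Column order is set by the most recent #Fields directive.
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) != len(fields):
                continue  # truncated or malformed entry
            row = dict(zip(fields, values))
            if row.get("sc-status") == "404" and row.get("sc-substatus") == "2":
                yield row

def summarize(lines):
    """Count 404.2 denials per client and per requested file."""
    by_client, by_file = Counter(), Counter()
    for row in lockdown_denials(lines):
        by_client[row.get("c-ip", "-")] += 1
        by_file[row.get("cs-uri-stem", "-").lower()] += 1
    return by_client, by_file

if __name__ == "__main__":
    clients, files = summarize(SAMPLE_LOG.splitlines())
    for ip, n in clients.most_common():
        print(f"{ip}\t{n} blocked extension request(s)")
    for path, n in files.most_common():
        print(f"{path}\t{n}")
```

A plain 404.0 (file really missing) is deliberately not counted, so the summary shows only requests stopped by the Web Service Extensions manifest.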
How do I publish documents or Web pages? (IIS 6.0)
1. Move your files to the \Inetpub\Wwwroot directory.
2. Type http://servername/filename in the address bar of your Internet browser to see your published files.
How do I create a virtual directory on a Web or FTP site? (IIS 6.0)
You can use IIS Manager to create virtual directories on your Web site.
How do I create a Web site?
When you install IIS on a computer running a member of the Windows Server 2003 family, a default
Web site is set up for you. You can publish your content here immediately.
How do I create multiple Web sites?
To create multiple Web sites, you must first ensure that each site has unique identification. To
accomplish this, you need to contact your network administrator to either obtain multiple IP addresses or
to assign multiple host header names.
How do I stop and restart Internet services?
By using the "IISRESET" command.
Can I change the name of my Web site and also redirect requests for the old site name to the new
one?
You can configure your Web site to respond to both the old name and the new name, provided your
network correctly routes both requests to your computer. This way, visitors can still reach your site by
using the old name, and will be informed of the new name.
How can I confirm that a server certificate is attached to a Web site?
1. In IIS Manager, right-click the Web site, and click Properties.
2. Click the Directory Security tab.
3. Under Secure communications, if the View Certificate button is activated, there is a certificate attached
to the Web site. If the button is not activated, you must attach a server certificate to the site to use the
Secure Sockets Layer (SSL) features.
Can I attach more than one server certificate to a Web site?
No. Each Web site can have only one server certificate attached to it.
Can I attach the same server certificate to more than one site?
Yes. A server certificate can be attached to as many Web sites as needed.

Can I attach a server certificate to an FTP site?
No. FTP sites do not support Secure Sockets Layer (SSL) features.
Should I create a backup copy of my server certificate?
Yes. Your server certificate is a valuable investment, and is the key to your server's Secure Sockets
Layer features. To create a backup copy of your server certificate, copy the entire certificate on to a
floppy disk and store it in a safe place.
Does ASP debugging work in IIS 6.0 worker process isolation mode?
Yes, when you configure Launch and Access permissions to enable ASP debugging in worker process
isolation mode for Script Debugger and Visual InterDev.
What are the new features in IIS7?
1. Simple, Configurable Command Line Setup
   - Install only the IIS components needed to run your site
   - Example:
     start /w pkgmgr /l:log.etw /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-Security;IIS-ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI
2. Great Compatibility Story
   - Most (99%+) ASP and ASP.NET applications just worked.
     - One application encountered a breaking change
     - Handful of applications required config migration to run in Integrated mode
     (We have about 260 applications running on www.microsoft.com as defined by IIS; there are thousands of pages of code that could have broken but didn’t.)
   - Integrated Pipeline is the new unified request processing pipeline. Benefits include:
     - Allowing services provided by both native and managed modules to apply to all requests, regardless of handler. For example, managed Forms Authentication can be used for all content, including ASP pages, CGIs, and static files.
     - Empowering ASP.NET components to provide functionality that was previously unavailable to them due to their placement in the server pipeline. For example, a managed module providing request rewriting functionality can rewrite the request before any server processing, including authentication, takes place.
     - A single place to implement, configure, monitor and support server features. For example, single module and handler mapping configuration, single custom errors configuration, single URL authorization configuration.
   - Classic ASP mode allows for easy app migration
     - ASP.NET Setup provides a “Classic .NET AppPool”
     - For more information, check out the article ASP.Net Integration With IIS7
   - Use AppCmd to migrate apps to Integrated mode
     - %windir%\system32\inetsrv\APPCMD.EXE migrate config <application path>
     - For more information about AppCmd.exe see Getting Started With AppCmd.exe
   - IIS 6.0 Metabase compatibility layer
     - Allows you to run old ADSI scripts
     - IIS 6.0 Metabase Compatibility module must be installed
3. No More Metabase!
   - Clean clear-text schema
   - IIS settings stored in XML configuration file (applicationHost.config)
     - Metabase exists for SMTP/NNTP/FTP only
   - Site-wide changes made easily
     - Update central applicationHost.config and copy to all web servers
     - Replaces our bulky ADSI-based script solution for metabase changes
   - Microsoft.com considerations
     - Careful copying to production servers under load: (Know Thy Environment! When you push out a new applicationHost.config, the affected worker processes need to reload the new configuration. It comes down to the scope of the change. For example, if you are making a global change that affects all the worker processes, and you are heavily dependent on caching, then you could cause some grief in your environment as those new configurations are reloaded by the worker processes.)
4. Centralized Configuration
   - applicationHost.config stored on UNC share
   - Allows us to copy to two (maybe four) servers rather than 80
     - Potential gotcha: managing password changes for the account used to connect to the config store (This is because currently you cannot use the UNC share that is running under the Network service, which we use heavily. It currently requires a domain account, for which our security policy mandates a periodic password change.)
5. Delegated Configuration
   - Admin can now delegate IIS settings to application owner
   - Settings defined in web.config file in application directory
   - Examples of settings to delegate include:
     - System.webServer section of applicationHost.config
     - Caching, defaultDocument, httpErrors, security
6. AppCmd and Other New Management Options
   - Managing via the UI
     - New modular, task-based look and feel
     - Moving away from the right-click/properties paradigm
   - Managing via the Command Line
     - AppCmd
       - Command line utility which replaces adsutil.vbs, iisapp.vbs, and others
       - Allows command line management of sites, applications, vdirs, apppools, modules, tracing, and more
     - PowerShell
       - IIS community creating IIS-specific PowerShell cmdlets
   - MSCOM Considerations
     - AppCmd limitations: no remote
     - No IIS provider for PowerShell
7. Failed Request Tracing
   - Buffers the trace events for requests and flushes them to disk if they meet your failure criteria
   - Captures trace data while you’re sleeping
   - Very little perf impact when targeting failing requests
   - Quick test: Enabling tracing for all file extensions and errors results in approx 5% fewer requests/sec at full stress load (please don’t do this in production)
   - View Currently Executing Requests via AppCmd
     - appcmd list requests (for all requests)
     - appcmd list requests /apppool.name:DefaultAppPool
       REQUEST "3e00000080012675" (url:GET /casestudies/casestudy.aspx?casestudyid=201269, time:2954 msec, client:127.0.0.1)
   - New Task Scheduler
     - Trigger tasks on events
8. Request Filtering
   - No more URLScan
   - Settings in applicationHost.config
   - Gotcha for Microsoft.com: If filename includes “+” then allowDoubleEscaping must be set to “true”
   - Allow or disallow specific file extensions and verbs
   - DenyURLSequences
   - RequestLimits
     - maxAllowedContentLength="1000000"
     - maxUrl="260"
     - maxQueryString="2048"
9. UNC Content
   - Simplified content synchronization
   - Reduced H/W footprint (potentially less cost)
     - Common industry pain point
10. Output Caching of Dynamic Content
   - Fewer off-box calls to backend dependencies
   - Significant performance gains
   - Simple WCAT (Web Capacity Analysis Tool) Stress Test against www.microsoft.com/en/us/default.aspx
   - Not appropriate for all applications (e.g. not effective for those with very personalized output)
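To make the Request Filtering settings in item 8 concrete, here is a simplified model of how such a section rejects requests, added as an example that is not part of the original post or of IIS itself. The XML fragment is constructed around the three limits listed above; the denied extension, verb list and sample paths are hypothetical, the order of the checks is an assumption, and double escaping is modelled only for the "+" case the post mentions:

```python
import os
import xml.etree.ElementTree as ET

# Constructed requestFiltering fragment; the three limits are the values from item 8.
CONFIG = """<requestFiltering allowDoubleEscaping="false">
  <fileExtensions allowUnlisted="true">
    <add fileExtension=".mdb" allowed="false" />
  </fileExtensions>
  <verbs allowUnlisted="false">
    <add verb="GET" allowed="true" />
    <add verb="POST" allowed="true" />
  </verbs>
  <denyUrlSequences><add sequence=".." /></denyUrlSequences>
  <requestLimits maxAllowedContentLength="1000000" maxUrl="260" maxQueryString="2048" />
</requestFiltering>"""

def load_rules(xml_text):
    """Parse the fragment into plain Python structures."""
    rf = ET.fromstring(xml_text)
    def listed(tag, key):
        node = rf.find(tag)
        adds = [] if node is None else node.findall("add")
        unlisted_ok = node is None or node.get("allowUnlisted", "true") == "true"
        return unlisted_ok, {a.get(key): a.get("allowed") == "true" for a in adds}
    limits = rf.find("requestLimits")
    return {
        "double": rf.get("allowDoubleEscaping", "false") == "true",
        "ext": listed("fileExtensions", "fileExtension"),
        "verbs": listed("verbs", "verb"),
        "deny": [a.get("sequence") for a in rf.findall("denyUrlSequences/add")],
        "limits": {k: int(limits.get(k)) for k in
                   ("maxAllowedContentLength", "maxUrl", "maxQueryString")},
    }

def check(rules, verb, path, query="", content_length=0):
    """Return the 404.x substatus a request would be rejected with, or None."""
    lim, (ext_ok, exts), (verb_ok, verbs) = rules["limits"], rules["ext"], rules["verbs"]
    # Evaluation order is an assumption of this model, not documented IIS behaviour.
    checks = [
        ("404.13", content_length > lim["maxAllowedContentLength"]),
        ("404.14", len(path) > lim["maxUrl"]),
        ("404.15", len(query) > lim["maxQueryString"]),
        ("404.6", not verbs.get(verb, verb_ok)),
        ("404.7", not exts.get(os.path.splitext(path)[1].lower(), ext_ok)),
        ("404.5", any(seq in path for seq in rules["deny"])),
        ("404.11", "+" in path and not rules["double"]),  # the "+" gotcha only
    ]
    return next((code for code, failed in checks if failed), None)
```

Running `check` over a list of published file names before tightening the section shows which content, such as a file with "+" in its name, would start returning 404.11.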
