marco-titta
IIS course
BUILDING VALUE
© copyright Proge-Software 2011 – all rights reserved
May 2012
Building Value
Proge-Software [email protected]
Internet Information Services
Version 7 - 7.5
About This Course
• Audience
• Course Prerequisites
• Course Objectives
Course Program
• Day 1:
  Introduction
  Module 1: Introduction and IIS Architecture
  Module 2: Installing IIS
  Module 3: IIS Administration Overview
  Module 4: Web Sites and Virtual Directories
• Day 2:
  Module 5: Web Applications and Application Pools
  Module 6: IIS Security
  Module 7: High Availability and Load Balancing
  Module 8: Diagnostics and Troubleshooting
  Course Evaluation
1 - Introduction and IIS Architecture
• Introduction to IIS
• History and Evolution of IIS
• IIS Architecture
• IIS components
• Modularity and extensibility
• Request Processing and Pipelines
Introduction to IIS
• Web Server / Application Server
• Full version native to Windows server systems
• Reduced version available on Windows client systems
History and Evolution of IIS
Version | O.S. | Type | Notes
1.0 | Windows NT 3.51 | Add-On | First release of IIS
2.0 | Windows NT 4.0 | Native | First version of IIS bundled with Windows
3.0 | Windows NT 4.0 SP3 | Native | Introduced ASP scripting
4.0 | Windows NT 4.0 | Add-On | Available in Windows NT 4.0 Option Pack
5.0 | Windows 2000 Server | Native | Native ASP support; ASP.NET available as an add-on
6.0 | Windows Server 2003 | Native | Introduced Application Pools and Worker Processes; Native ASP and ASP.NET support
7.0 | Windows Server 2008 | Native | Full IIS redesign; Modular Architecture; Command-line administration
7.5 | Windows Server 2008 R2 | Native | Current release
IIS Architecture
Server Core
Modular Design
Unified Pipeline
• Completely modular Web server
• New native extensibility model
• .NET extensibility support
• No unnecessary overhead
• Designed for remote administration
• Same pipeline serves content for all handlers
• Configuration cache
IIS Components
• Web Server / Application Server
• FTP Server / SMTP Server (no longer parts of IIS)
• Management Tools
• Modules
• ISAPI Filters
• Configuration Store (no more Metabase)
• Web Sites
• Virtual Directories
• Web Applications
• Application Pools
Modularity and Extensibility
Workload | Features
Static Content (default) | Static Content; Default Document; Directory Browsing; HTTP Errors; HTTP Logging; Logging Tools; Request Monitor; Request Filtering; Static Content Compression; IIS Management Console
ASP.NET | ASP.NET; .NET Extensibility; ISAPI; ISAPI Extensions
Classic ASP | ASP; ISAPI Extensions
Fast CGI for PHP | CGI
Full Install | All features
Request Processing and Pipelines
IIS 6.0 Request Processing
[Diagram: a Web Request passes through Authentication (NTLM, Basic, Anon), Determine Handler (CGI, Static File, ASP.NET, PHP, ISAPI, …) and Send Response (Log, Compress)]
• Monolithic implementation installs all or nothing
• Extend server functionality only through ISAPI
Request Processing and Pipelines
IIS 7.0 Request Processing
[Diagram: a Web Request passes through Authentication (NTLM, Basic, Anon), Authorization, ResolveCache, Determine Handler (CGI, Static File, ISAPI, …), UpdateCache and Send Response (Log, Compress)]
• Server functionality is split into 40 modules
• Modules plug into a generic request pipeline
• Modules extend server functionality through API
Request Processing and Pipelines
Unified Pipeline
[Diagram: pipeline stages Authentication, Authorization, ResolveCache, ExecuteHandler, UpdateCache, SendResponse; modules shown: Basic, Anon, Forms, Windows, Static File, ASPX, Trace, Log, Compress, …]
2 - Installing IIS
• Choosing the components to install
• Installation methods
• Graphical User Interface (Role Manager)
• Command Line (pkgmgr.exe)
• Unattended Setup
• Lab
Choosing the components to install
Installation Methods
Role Manager
Unattended
Package Manager
Graphical User Interface (Role Manager)
After installing Windows Server 2008/R2, install IIS through the Graphical User Interface:
1. In Server Manager, navigate to Roles, and then Add Roles
2. In Add Roles Wizard, select Web Server (IIS)
3. Choose components to install
Command Line (pkgmgr.exe)
On an existing installation of Windows Server 2008/R2, install IIS from the Command Line:
1. Open a command shell with local administrator elevation
2. Type “start /w pkgmgr.exe /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI”
3. Verify installation: check for errors, browse to local host
Unattended Setup
To perform unattended installation of IIS:
• Prepare unattend XML file
• Modify lines: version & processorArchitecture
• Use pkgmgr.exe with unattend.xml file
• Open a cmd-box shell with local administrator elevation
• Type “start /w pkgmgr /n:unattend.xml”
• Verify installation: check for errors, browse to local host
Lab
• Installing IIS
3 - IIS Administration Overview
• How IIS configuration works
• Configuration hierarchy
• Configuration tools
How IIS configuration works
[Diagram labels: Command Line, Configuration Tools, WMI, Configuration Interface, IIS Manager, Managed API, unmanaged API, Configuration Reader, XML Configuration Files]
Configuration hierarchy
• machine.config: .NET Framework settings
• root web.config: ASP.NET settings
• applicationHost.config: Main IIS 7.0 settings
• Optional web.config files: Sites, Applications, Virtual Directories
Configuration tools
• Graphical User Interface (IIS Manager)
• Command Line (appcmd.exe)
• PowerShell
• Remote Management
• IIS 6 compatibility
4 - Web Sites and Virtual Directories
• Site Bindings
• The Default Web Site
• Creating Web Sites
• Virtual Directories
• Creating Virtual Directories
• Basic site and directory Settings
• Lab
Site Bindings
• Define a web site identity
• If a web server hosts multiple sites, bindings are used to determine which site will be used to answer a request
• Binding parameters:
  IP address
  TCP port
  Host headers
• More specific bindings take precedence over less specific ones
• If no binding matches a request, the request is denied
The Default Web Site
• The Default Web Site is automatically created on IIS installation
• The Default Web Site has no bindings:
  Available on all server IP addresses
  TCP port 80
  No host headers
• The Default Web Site is used to answer all requests which don’t match any other web site on the server
• Only one Default Web Site can exist on a server
• The Default Web Site can be removed, renamed or reconfigured
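
The binding rules from the Site Bindings and Default Web Site slides, as a small Python model (an added example, not part of the course material). The site names and IP addresses are constructed, and ranking a host header match above an IP address match is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

@dataclass(frozen=True)
class Binding:
    site: str
    ip: str = "*"    # "*" = all server IP addresses
    port: int = 80
    host: str = ""   # "" = no host header

# Constructed sample bindings (site names and addresses are hypothetical).
SAMPLE_BINDINGS = [
    Binding("Default Web Site"),                  # all IPs, port 80, no host header
    Binding("MySite1", host="www.mysite1.com"),
    Binding("MySite2", ip="10.0.0.20", host="www.mysite2.com"),
    Binding("Admin", ip="10.0.0.30", port=8080),
]

def specificity(b: Binding) -> int:
    # Assumption of this model: a host header match outranks an IP address match.
    return (2 if b.host else 0) + (1 if b.ip != "*" else 0)

def resolve(bindings: Iterable[Binding], dst_ip: str, dst_port: int,
            host_header: str) -> Optional[str]:
    """Return the site that answers the request, or None if it is denied."""
    host = host_header.partition(":")[0].strip().lower()  # drop an optional :port
    matches = [b for b in bindings
               if b.port == dst_port
               and b.ip in ("*", dst_ip)
               and b.host.lower() in ("", host)]
    if not matches:
        return None  # no binding matches the request
    return max(matches, key=specificity).site

def answers_any_host(bindings: Iterable[Binding]) -> List[str]:
    """Sites with a binding that accepts every Host header (review these first)."""
    return sorted({b.site for b in bindings if not b.host})

if __name__ == "__main__":
    for ip, port, host in [("10.0.0.10", 80, "www.mysite1.com"),
                           ("10.0.0.10", 80, "unlisted.example"),
                           ("10.0.0.10", 8080, "www.mysite1.com")]:
        print(ip, port, host, "->", resolve(SAMPLE_BINDINGS, ip, port, host))
```

A request with a Host header that no site lists still lands on the catch-all site, which is why the sites returned by `answers_any_host` deserve a look when reviewing a server's exposure.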
Creating Web Sites
To Create a Web Site via IIS Manager:
1. Use the Add Web Site wizard under Sites
2. Name the Web Site
3. Set the content path and authentication methods
4. Choose the IP address/port
5. Set the host headers (Example: www.mysite.com)
Virtual Directories
• Virtual directories allow decoupling a site’s logical structure from the physical position of files and folders on the web server
• A virtual directory is a path in the site’s folder tree which is mapped to a physical folder on disk
URL | Physical path
http://www.mysite1.com | D:\Sites\MySite1
http://www.mysite1.com/images | D:\Sites\MySite1\Images
http://www.mysite2.com | D:\Sites\MySite2
http://www.mysite2.com/images | D:\Sites\MySite2\Images
http://www.mysite1.com/shared | D:\Sites\Shared
http://www.mysite2.com/shared | D:\Sites\Shared
Creating Virtual Directories
To Create a Virtual Directory via IIS Manager:
1. Navigate to the Site that will contain the virtual directory
2. Click View Virtual Directories
3. Use the Add Virtual Directory wizard
4. Set the alias (Example: www.contoso.com/vdir)
5. Assign the content path and authentication
Basic site and directory Settings
• Default Documents
• Directory Browsing
• Logging
• Redirection
Lab
• Creating Web Sites
• Creating Virtual Directories
• Configuring site and directory settings
5 - Web Applications and Application Pools
• Web Applications Overview
• Web Sites, Folders and Web Applications
• Application Pools
• Application Pool settings
• Lab
Web Applications Overview
• A Web Application is a web site or a virtual directory which contains programs in addition to static content
• “Programs” can be anything supported by the server:
  Compiled ASP.NET
  ASP.NET scripts
  Classic ASP scripts
  PHP scripts
  Executable files (CGI)
  …
• Web Applications use handlers to process dynamic content
• Each Web Application is tied to an Application Pool
• An Application Pool can contain multiple Web Applications
Web Sites, Folders and Web Applications
• A Web Application can be defined for the site root or for a specific folder (physical or virtual)
• Applications settings are inherited through the site’s folder tree
• Each folder in a site can have its custom application settings
Application Pools
[Diagram: DefaultAppPool hosted in W3WP.EXE (Process ID: 1234, .NET nnnnn)]
Each Application Pool has one:
• Version of .NET
• Process Identity
• Instance of W3WP.EXE
Application Pool settings
• Identity
• ASP.NET
• Pipeline mode
• Performance
• Recycling
Lab
• Creating Web Applications
• Configuring Web Applications
• Creating Application Pools
• Configuring Application Pools
6 - IIS Security
• Site identity and Application Pool identity
• File System permissions
• Authentication methods
• Anonymous vs. Authenticated access
• Certificates and HTTPS
• IP and Domain Restrictions
• Lab
Site identity and Application Pool identity
• Site identity: used by the web server to access files on disk
• Application Pool identity: used by the Web Applications running in the Application Pool to access resources:
  Files on web server
  Files on remote servers
  Databases
  …
• Default identity can be overridden by authenticated users (impersonation)
File System permissions
• Web Site identity needs access to static contents
• Application Pool identity needs access to application files
• Usually only read access is needed
• Write access can be required in some scenarios
Authentication methods
Method | Features
Anonymous Authentication | Allows any user to access any public content without providing a user name and password
ASP.NET Impersonation Authentication | Runs your ASP.NET application under a security context different from the default security context for ASP.NET applications
Basic Authentication | Requires users to provide a valid user name and password to access content
Client Certificate Mapping | Lets you automatically authenticate users who log on with client certificates
Digest Authentication | Digest authentication uses a Windows domain controller to authenticate users
Forms Authentication | Uses redirection to forward unauthenticated users to a form where they can enter credentials
Windows Authentication | Clients authenticate using the NTLM or Kerberos protocols
Anonymous vs. Authenticated access
• Anonymous access:
  Static content is accessed using the Web Site identity
  Web Applications run in their default Application Pool identity
• Authenticated access:
  Static content is accessed using the user’s identity (impersonation)
  Web Applications behavior depends on impersonation settings
Certificates and HTTPS
[Diagram: Certificate Server, Web Server, Web Client]
Certificate Server provides security certificate to server
Certificates and HTTPS
To configure certificates:
1. Import certificate
2. Configure SSL certificate and settings for a Web site
Web Site now supports HTTPS
Lab
• Configuring Web Site identity
• Configuring Application Pool identity
• Configuring authentication methods
• Configuring HTTPS
7 - High Availability and Load Balancing
• Load Balancing
• Design considerations
• Session management
Load Balancing
Load Balancing: a system where multiple servers share a single IP address and where clients access services through the shared IP address
• Provides scalability, load balancing, and high availability
• Requires access to the same data on all servers
• Is software- or hardware-based
Design considerations
• Stateful vs. Stateless
• No data should be stored locally on the web server
• Avoiding single points of failure
• High availability for network access
• High availability for back-end systems
• What about user sessions?
Session management
• Session management can get difficult when running on multiple load-balanced web servers
• Sessions should be able to fail over between web servers without forcing the user to start over
• ASP.NET provides built-in support for storing session state in a SQL Server database
• Non-ASP.NET Web Applications need to be developed with proper session management if they are to be deployed on multiple servers
8 - Diagnostics and Troubleshooting
• Logging
• Tracing
• Debugging
Logging
• IIS Logs
• Windows Event Logs
• In order to properly diagnose issues, you must know the standard logs generated by successful requests and be able to identify the failed ones
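
Separating failed requests from successful ones in an IIS log, as an added Python example that is not part of the course material. The log lines are constructed, and the `#Fields` selection is an assumed set of W3C extended log fields; the parser reads whatever field list the log itself declares.

```python
from collections import Counter

# Constructed sample in W3C extended format; the #Fields selection is an assumption.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2012-05-14 09:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-05-14 09:00:01 10.0.0.10 GET /default.htm - 80 - 192.0.2.15 Mozilla/5.0 200 0 0 15
2012-05-14 09:00:02 10.0.0.10 GET /images/logo.png - 80 - 192.0.2.15 Mozilla/5.0 304 0 0 3
2012-05-14 09:00:05 10.0.0.10 GET /missing.htm - 80 - 192.0.2.15 Mozilla/5.0 404 0 2 4
2012-05-14 09:00:09 10.0.0.10 GET /reports/ - 80 - 192.0.2.44 Mozilla/5.0 401 2 5 1
2012-05-14 09:00:12 10.0.0.10 POST /app/save.aspx - 80 alice 192.0.2.15 Mozilla/5.0 500 0 0 230
2012-05-14 09:00:20 10.0.0.10 GET /reports/ - 80 - 192.0.2.44 Mozilla/5.0 401 2 5 1
2012-05-14 09:00:25 10.0.0.10 GET /partial
"""

def parse_w3c(text):
    """Parse W3C log text into dicts keyed by the names in the #Fields directive."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # the field list can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")                 # IIS writes spaces inside values as '+'
            if len(values) == len(fields):           # skip truncated or malformed lines
                rows.append(dict(zip(fields, values)))
    return rows

def failed_requests(rows, min_status=400):
    """Requests whose HTTP status marks a client or server error."""
    return [r for r in rows if int(r["sc-status"]) >= min_status]

def summarize_failures(rows):
    """Count failures per (status.substatus, URL, client IP)."""
    return Counter((f'{r["sc-status"]}.{r["sc-substatus"]}', r["cs-uri-stem"], r["c-ip"])
                   for r in failed_requests(rows))

if __name__ == "__main__":
    for key, count in summarize_failures(parse_w3c(SAMPLE_LOG)).most_common():
        print(count, *key)
```

Grouping on status, substatus, URL and client address turns repeated failures, such as the two 401.2 responses for `/reports/` in the sample, into a single line worth investigating.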
Tracing
How the Tracing Infrastructure Works
[Diagram labels: w3core, Trace config, Any pipeline module, Read trace config, TRACE_EVENT, Consumer Module, Trace event sources, Trace event consumers, Trace output]
Tracing
To Add a Failed Request Tracing Rule:
• Add Failed Request Tracing Rule Wizard
• Choose Error Conditions
• Choose Modules and Verbosity
To Configure a Failed Request Tracing Rule:
• Use specific error numbers and ranges (500, 404)
• Choose relevant modules (ASP.NET, CGI and ISAPI)
• Specify the minimal amount of data needed
Debugging
• Enabling detailed error messages
• Local and Remote debugging
• Enabling Visual Studio remote debugging
• Debugging Web Applications
Course Evaluation