Microsoft IIS 6.0Administrator's Consultant
|
Core Internet Information Services (IIS) administration tasks revolve around connecting to servers, managing services, and saving metabase configurations. In IIS you connect to individual servers and manage their IIS components through the IIS snap-in, the Application Server snap-in, or the Remote Administration tool. You can use a single IIS server to host multiple resources. Web and File Transfer Protocol (FTP) resources are referred to as Web sites and FTP sites, respectively. Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP) resources are referred to as SMTP virtual servers and NNTP virtual servers, respectively.
Sites and virtual servers are server processes that have their own configuration information, which can include Internet Protocol (IP) addresses, port numbers, and authentication settings. To perform most administration tasks with sites and servers, you’ll need to log in to the IIS server using an account that has administrator privileges. You can find detailed information on security in Chapter 7, “Enhancing Web Server Security.”
Understanding the IIS Architecture
Most administrators don’t understand the actual underpinnings of IIS. Yet to really understand how IIS works, you have to understand the architecture. You can think of IIS as a layer over the operating system where, in most cases, you might need to perform an operating system level task before you perform an IIS task. This is true in several key areas:
-
Directories Sites, virtual servers, and other resources use the Microsoft Windows Server 2003 file and directory structure. Before you create IIS resources, such as sites or virtual servers, you should ensure that any necessary directories have been created.
-
Permissions Windows Server 2003 permissions ultimately determine whether users can access files and directories. Before users can access files and directories, you must ensure that the appropriate users and groups have access at the operating system level. After you set operating system (OS)– level permissions, you must set IIS-specific security permissions.
Windows services and processes are other areas where Windows Server 2003 and IIS are tightly integrated. IIS has two operating modes that affect services and processes. These operating modes are:
-
IIS 5 isolation mode The standard processing mode of IIS 5
-
Worker Process isolation mode The default processing mode of IIS 6.0 on a clean install
The IIS 5 isolation mode and worker process isolation mode are mutually exclusive. The World Wide Web Service can operate only in one mode or the other, which means that all Web sites configured on a server use the same operating mode.
The sections that follow examine each operating mode, providing a discussion of how, why, and when the modes are used, as well as providing details of what the components of each mode are. IIS application and application pools are discussed in detail in Chapter 5, “Running IIS Applications,” and Chapter 6, “Managing ASP.NET, Application Pools, and Worker Processes.”
Understanding and Using IIS 5 Isolation Mode
You use IIS 5 isolation mode to run Web applications that were developed for older versions of IIS. Using this operating mode affects how IIS is used and how IIS interacts with other components.
IIS 5 Isolation Mode Overview
IIS 5 isolation mode operates nearly the same as the standard mode of IIS 5 depicted in Figure 2-1. Service Host processes control all resources of the same type running on a server. Because of this, Windows Server 2003 uses the Service Host to manage all instances of a specific resource, such as Web or FTP sites, running on a server. For example, if you start or stop the World Wide Web Publishing Service, you’re controlling all Web sites running on the server through the related Service Host process.
Because of the layered structure of IIS, starting or stopping an Internet Information Service doesn’t directly affect the Service Host. Instead, Windows Server 2003 uses an intermediary to control the Service Host for you. This intermediary is the InetInfo process. A single instance of Inetinfo.exe is used to manage the Service Hosts as well as Internet Server Application Programming Interface (ISAPI) applications that run within the IIS process context. When you control IIS individually, Windows Server 2003 controls the Service Host through InetInfo. InetInfo also makes it possible to manage all IIS resources running on a server. You can, for example, issue a restart command in the IIS snap-in that restarts IIS completely. See the section entitled “Starting, Stopping, and Restarting All Internet Services,” later in this chapter, for more details.
ISAPI applications are a key part of the IIS 5 architecture. ISAPI applications are server-based applications that run on IIS Web sites. As Figure 2-2 shows, you use DLL Host (Dllhost.exe) to manage out-of-process ISAPI applications. Any pooled ISAPI applications running on the server run within the context of a single instance of Dllhost.exe. In contrast, isolated ISAPI applications run within the context of separate DLL Host processes.
Understanding Application Incompatibilities and Consequences
You must use IIS 5 isolation mode for Web applications that aren’t compatible with the IIS 6 worker process model. Characteristics that might make an application written for IIS 5 incompatible with worker process mode include:
-
Session states that are managed in-process You can configure IIS 6 to recycle worker processes periodically, on demand, or when a specific criterion is met. When a worker process is recycled, session state data might be lost.
-
Code that sends out requests to other worker processes IIS 6 worker processes can’t communicate or send out requests to other processes. Worker processes are completely isolated to prevent applications or sites in one application pool from stopping applications or sites in another application pool.
-
Components that don’t support loading by multiple processes Multiple IIS 6 worker processes might load and run ISAPI and COM components concurrently. If concurrent instances of an ISAPI or COM component can’t run simultaneously, the components are incompatible for worker process isolation mode.
If you have incompatible applications, you have several choices:
-
Switch to IIS 5 isolation mode, forcing all applications to run in this mode and losing all the benefits of IIS 6 worker process isolation mode. To switch to IIS 5 isolation mode in IIS Manager, right-click Web Sites and then click Properties. In the Service tab, select Run WWW Service In IIS 5 isolation mode, and then click OK. Afterward, when prompted to restart the World Wide Web Service, click Yes. The reconfiguration process can take several minutes, so be patient.
-
Configure separate Web application servers, each running in a different mode. Run IIS 5–compatible applications on servers running IIS 5 isolation mode. Run IIS 6–compatible applications on servers running worker process isolation mode.
-
Migrate incompatible applications to IIS 6 architecture. If you do this, be sure to look at these server support functions: CustomError (to use IIS custom errors), ExecuteUrl (to replace read raw data filters), ReportUnhealthy (to force recycle unstable or questionable process), and VectorSend (to manage multiple buffer and file handles). The IIS 6 architecture also supports Unicode Uniform Resource Locators (URLs), COM+ partitions, dynamic-link library (DLL) runtime versioning (fusion), and poolable objects using the multithreaded apartment model.
Switching to IIS 5 mode also affects the way ASP.NET is used on the server. In IIS 5 isolation mode, ASP.NET uses its own processing model. This processing model is similar to worker process isolation mode and has similar capabilities. Process model configurations for ASP.NET applications are taken from the Windows .NET Framework XML file, which is called Machine.config.
In contrast, under the default configuration, ASP.NET and IIS are directly integrated. ASP.NET uses the worker process model architecture of IIS 6. ASP.NET applications can take advantage of IIS 6 features, and applications are configured through the application pool settings. The only exception is that if you’ve configured maximum input/output (I/O) threads or maximum worker threads in a Machine.config file, these settings will still be read and used. All other configuration settings in the Machine.config file are ignored.
Switching to IIS 5 Isolation Mode
To switch to IIS 5 isolation mode, follow these steps:
-
Expand the Internet Information Services node in the IIS or the Application Server snap-in.
Note If the server you want to work with isn’t listed, right-click Internet Information Services, select Connect, and then type the server name or click Browse to find a server. If necessary, select Connect As and provide your logon credentials for the remote server. Click OK.
-
Expand the server node. Right-click Web Sites and then click Properties.
-
In the Service tab, select Run WWW Service In IIS 5 Isolation Mode, and then click OK.
-
When prompted to restart the World Wide Web Service, click Yes. Windows Server 2003 then reconfigures processing and restarts the Web service. This process can take several minutes, so be patient.
Understanding and Using Worker Process Isolation Mode
Worker process isolation mode is the default mode of IIS. This mode allows sites and applications to:
-
Recycle worker threads
-
Monitor process health
-
Use advanced application pooling configurations
-
Take advantage of other IIS 6 features
From a high level, worker process isolation mode is similar to IIS 5 isolation mode. Service Host processes control all resources of the same type running on a server. Starting, pausing, or stopping a service affects all sites of the same type on the server. It doesn’t directly affect the Service Host. Instead, Windows Server 2003 uses an intermediary to control the Service Host for you. For non-Web services, this intermediary is the InetInfo process. A single instance of Inetinfo.exe is used to manage the FTP, SMTP, and NNTP Service Hosts.
Management of the Web service and Web applications is internalized. The Web Administration Service component of the Web Service Host is used to manage the service itself. Worker processes are used to control applications, and no ISAPI applications run within the IIS process context.
Worker processes are used in several ways:
-
Single worker process—single application Here, a single worker process running in its own context (isolated) handles requests for a single application, as well as instances of any ISAPI extensions, and filters the application needs. The application is the only one assigned to the related application pool.
-
Single worker process—multiple applications Here, a single worker process running in its own context (isolated) handles requests for multiple applications assigned to the same application pool, as well as instances of any ISAPI extensions, and filters the application needs.
-
Multiple worker processes—single application Here, multiple worker processes running in their own context (isolated) share responsibility for handling requests for a single application, as well as instances of any ISAPI extensions, and filter the application needs. The application is the only one in the related application pool.
-
Multiple worker processes—multiple applications Here, multiple worker processes running in their own context (isolated) share responsibility for handling requests for multiple applications assigned to the same application pool, as well as instances of any ISAPI extensions, and filter the application needs.
Benefits of Using Worker Processing Mode
Running IIS in worker processing mode has many benefits. In this mode, all sites run within an application context and have an associated application pool. The default application pool is DefaultAppPool. You can also assign sites and applications to custom application pools.
Each application or site in an application pool can have one or more worker processes associated with it. The worker processes handle requests for the site or application.
You can configure application pools to manage worker processes in many ways. You can configure automatic recycling of worker threads based on a set of criteria, such as when the process has been running for a certain amount of time or uses a specific amount of memory. You can also have IIS monitor the health of worker threads and take actions to recover automatically from failure. These features might eliminate or reduce your dependence on third-party monitoring tools or services.
In worker processing mode, you can also create a Web garden where you configure multiple worker processes to handle the workload. Applications configured using this technique are more responsive, more scalable, and less prone to failure. Why? A Hypertext Transfer Protocol (HTTP) listener, called Http.sys, listens for incoming requests and places them in the appropriate application pool request queue. When a request is placed in the queue, an available worker process assigned to the application can take the request and begin processing it. Idle worker processes handle requests in first in, first out (FIFO) order.
Worker processes can also be started on demand. If there are unallocated worker processes and no current idle worker processes, IIS can start a new worker process to handle the request. In this way, resources aren't allocated until they’re needed, and IIS can handle many more sites than it could if all processes were allocated on startup.
Switching to Worker Processing Mode
To switch to worker processing mode, follow these steps:
-
Expand the Internet Information Services node in the IIS or the Application Server snap-in.
Note If the server you want to work with isn’t listed, right-click Internet Information Services, select Connect, and then type the server name or click Browse to find a server. If necessary, select Connect As and provide your logon credentials for the remote server. Click OK.
-
Expand the server node. Right-click Web Sites and then click Properties.
-
In the Service tab, clear Run WWW Service In IIS 5 Isolation Mode, and then click OK.
-
When prompted to restart the World Wide Web Service, click Yes. Windows Server 2003 then reconfigures processing and restarts the Web service. When the process is finished, you’ll have an Application Pools node that you can use to manage the default application pool and any other pools you create on the server.
|