What's
new in Internet Information Service 6.0?
Host: Madhu Gopinathan, .NET Evangelist - Microsoft India
March
28, 2003
Moderator_MSDNIndia : Welcome all of you to MSDN India Online Expert
Chat
Moderator_MSDNIndia : Today's topic of chat is What's new in Internet
Information Service 6.0?
Moderator_MSDNIndia : Our expert host of the day is Madhu Gopinathan
Moderator_MSDNIndia : Madhu is an evangelist with Microsoft India
Moderator_MSDNIndia : Over to you Madhu
madhug_ms : Thanks Kunal
madhug_ms : Let me start with a brief overview of IIS6
and how its architecture differs significantly from IIS5
madhug_ms : IIS6 has been rearchitected to significantly
improve reliability, scalability, manageability, security
madhug_ms : There is a new process architecture instead
of single inetinfo in IIS5
madhug_ms : The web server functionality in InetInfo is
being split into the following
madhug_ms : HTTP.SYS: kernel mode listener and request
router
madhug_ms : W3SVC: now the config and process manager
madhug_ms : w3wp: Worker processes that process requests
and generate responses
madhug_ms : This has been done to improve isolation level
between applications
madhug_ms : This significantly improves the reliability
of the service as application code problems cannot affect the service
madhug_ms : The new kernel driver: HTTP.SYS queues requests
and requests are appropriately routed to a worker process (w3wp)
madhug_ms : OK..Let us start the questions now..
Moderator_MSDNIndia : (SriSamp) Is each worker process (w3wp) for
one application or it can handle more?
madhug_ms : Good question. There is a new concept called
an application pool.
madhug_ms : Application pools allow you to isolate applications.
All applications in a pool are executed by
madhug_ms : worker processes dedicated to that pool
madhug_ms : To answer your question, if there is only
one application in a pool, then that application requests will be
executed by one or more worker processes (this is configurable)
madhug_ms : If there are multiple applications, all such
app requests will be handled by one or more worker processes dedicated
to that pool
madhug_ms : Done
Moderator_MSDNIndia : (SriSamp) Is there any restrictions to the kind
of applications that can be in one pool?
madhug_ms : It is upto the administrator to configure
an application pool. Any web application can belong to an application
pool
madhug_ms : Done
Moderator_MSDNIndia : (SriSamp) Does having the concept of an application
pool improve scalability or reliability?
madhug_ms : Application pools really improve isolation
between applications.
madhug_ms : For e.g. in a production system running multiple
applications, if an administrator finds out that one application
madhug_ms : is behaving badly (high memory consumption,
frequent crashes etc.), then that application can be isolated to a
new application pool
madhug_ms : This application pool can have new recycling
properties to recycle worker processes based on memory consumption
etc.
madhug_ms : By increasing isolation, you're improving
reliability as well - because one application failure can't affect
other applications
madhug_ms : Application pool can be configured to have
more than one worker process - this is called web garden
madhug_ms : Multiple worker processes running on the same
machine
madhug_ms : This can deliver better scalability
madhug_ms : Done
Moderator_MSDNIndia : (SriSamp) Can this isloation be done on the
fly, or the service has to stopped and then done?
madhug_ms : Can be done on the fly - no need to stop the
service. Remember that the requests are queued at the kernel level
madhug_ms : Worker process restarts do not affect request
processing
madhug_ms : Done
Moderator_MSDNIndia : (Naveen) In IIS 5.0 many people were facing
problem when they installed IIS after the installation of .net. although
running aspnet_regiis it is giving problem with the database (in sql
authentication). Please suggest regarding this.
madhug_ms : What is the problem with sql authentication?
Moderator_MSDNIndia : (Naveen) It is giving untrusted connection
madhug_ms : Is it that trusted connection cannot be established?
Moderator_MSDNIndia : (Naveen) Yes
madhug_ms : ASP.NET runs as a special user aspnet_wp.
If you don't give db username and password when connecting to db,
then this user needs to have permission to access database
madhug_ms : In IIS6, all worker processes run with a new
identity called NETWORKSERVICE
madhug_ms : So going forward, this behavior will remain
the same
madhug_ms : Done
madhug_ms : Naveen: Are you getting an unauthorized error?
Moderator_MSDNIndia : (Naveen) I am the local admin to my system and
I gave all the rights
madhug_ms : That doesn't help because by default, the
ASP.NET process identity is used.
madhug_ms : Done
Moderator_MSDNIndia : (SriSamp) I read that IIS 6.0 comes with some
locked-down features which need to be unlocked. Can you explain this?
madhug_ms : Good question. it is not just with IIS6, but
with entire windows server 2003
madhug_ms : By default IIS6 is not installed. The server
machine needs to be configured as an application server for IIS to
be installed
madhug_ms : With the default installation of IIS6, it
works just as a web server serving static pages
madhug_ms : If you want to run dynamic applications, you
need to turn on specific features
madhug_ms : Such as running ASP.NET or ASP or ISAPI extensions
madhug_ms : This improves the security tremendously
madhug_ms : This is all part of the secure windows initiative
- the idea is to reduce the attack surface area that a hacker can
use to hack into systems
madhug_ms : Done
Moderator_MSDNIndia : (shri) Please talk about advantages of IIS 6.0
over previous versions
madhug_ms : the advantages fall into these categories
- improved reliability, scalability, security and performance
madhug_ms : Let me explain each of them
madhug_ms : The concept of application pools that I explained
earlier significantly improves reliability - improving isolation between
applications
madhug_ms : One application's failure can't affect another
application
madhug_ms : IIS6 offers much better scalability - requests
are queued at the kernel level using a new driver HTTP.SYS
madhug_ms : I've seen figures of 3000 sites in 1 IIS5
site vs 20000 sites in 1 IIS6 site
madhug_ms : Security: We talked about security lock down.
IIS6 by default is a static web server
madhug_ms : Admin needs to turn on specific features such
as running ASP.NET, ASP, ISAPI etc
madhug_ms : Administrator can change applications from
one pool to another, can choose to recycle worker processes when they
reach certain usage thresholds
madhug_ms : such as uptime, ii. # of requests iii. Scheduled
time iv. Memory consumption v. On-demand
madhug_ms : Done
KunalS_MS : There is a very good article on new features of IIS6.0
in the March issue of MSDN Magazine
KunalS_MS : IIS6.0 New Features Improve Your Web Server's Performance,
Reliability, and Scalability
Moderator_MSDNIndia : (SriSamp) Read that Passport integration is
supported in IIS 6.0. Can you explain this?
madhug_ms : Yes. passport authentication provides support
in the core web server.
madhug_ms : For .net you can use .net passport version
2 interfaces
madhug_ms : Done
madhug_ms : There is support for many different authentication
schemes (including passport) to be mapped to an internal authentication
scheme such as kerberos
madhug_ms : Done
Moderator_MSDNIndia : (SriSamp) So this means that a Passport user
has to be mapped to an internal domain user?
madhug_ms : Can be if needed. You can map to an application
specific auth scheme as well
madhug_ms : Done
Moderator_MSDNIndia : (shri) Does the default properties like timeout,
default script have any additional features in IIS6
madhug_ms : There are a certain number of configurable
criteria that can be used for recycling
madhug_ms : Elapsed time, # of requests received, scheduled
times during a 24 hour period,
madhug_ms : virtual memory usage, physical memory usage
etc.
madhug_ms : Admin can do an on-demand recycle as well
madhug_ms : Any specific features that you're looking
for?
madhug_ms : Done
Moderator_MSDNIndia : (Agostinho) I have an application in ASP and
I'm upgrading to ASP.NET. Can I use the two versions in same IIS 6.0?
madhug_ms : Yes. Note that ASP and ASP.NET pages won't
share session state
madhug_ms : Done
Moderator_MSDNIndia : (shri) What does this mean: Admin can do an
on-demand recycle as well. Pl. explain
madhug_ms : Oops. Typo. Should read process can do on-demand
recycle.
madhug_ms : The worker process gets pinged by the W3SVC
for health checks
madhug_ms : The worker process can indicate that it needs
to be recycled based on its internal state
madhug_ms : This could be used by the application developer
to do recycling based on conditions that are not supported out of
the box
madhug_ms : Done
Moderator_MSDNIndia : (shri) So this means a check has to be conducted
on internal state?
madhug_ms : Yes. A special code can be returned on health
check based on your process's internal state to request recycling
madhug_ms : Done
Moderator_MSDNIndia : (SriSamp) Have there been any improvements in
caching? For example, recompilations of scripts and ASP pages based
on age that used to happen in IIS 5.0?
madhug_ms : Tremendous improvements that deliver much
higher throughput
madhug_ms : First of all, response cache at the kernel
level
madhug_ms : Static pages can be served directly out of
this kernel cache.
madhug_ms : Even for dynamic pages, caching properties
can be used to indicate that the response should be cached in the
kernel cache
madhug_ms : For ASP pages, there is persistent on-disk
cache for storing compiled templates
madhug_ms : This improves the performance for large applications
with a number of ASP pages
madhug_ms : Done
Moderator_MSDNIndia : (SriSamp) Can IIS 5.0 and IIS 6.0 co-exist on
the same machine or is the core service upgraded? If so, does it mean
that there is a IIS 5.0 compatibility mode?
madhug_ms : The core service is IIS6. It can be configured
to run in IIS5 isolation mode if your applications have migration
problems
madhug_ms : The 2 modes can't co-exist.
madhug_ms : Done
Moderator_MSDNIndia : (SriSamp) But how does this work alongside with
ASP.NET caching?
madhug_ms : ASP.net caching properties can be used to
indicate that the response needs to be cached. The cache will be the
kernel cache and responses can be served directly out of this cache
madhug_ms : Done
Moderator_MSDNIndia : Last question of the day...
Moderator_MSDNIndia : (SriSamp) If ASP pages are stored as compiled
templates, an IIS 5.0 application when moved to IIS 6.0 will increase
in performance, or some coding/setting has to be done?
madhug_ms : No coding changes, it just works. Preliminary
testing indicates that there are performance improcements of upto
50% due to on-disk cache
madhug_ms : Done
SriSamp : Wow! Thanks Madhu. That was very useful...
