Application Isolation Mode Functions (IIS 6.0)

Use Table 2.4 to compare how certain IIS 6.0 functions run in worker process isolation mode with how they run in IIS 5.0 isolation mode. Knowing the host component for each application isolation mode can help you decide which application isolation mode to use. For example, if an application must run in DLLhost.exe, and you cannot change the application to remove this requirement, this table shows you the two available options, which are to run the application in Medium or High isolation in IIS 5.0 isolation mode.

Subhead

Table 2.4 Comparison of IIS 6.0 Functions in the Two Application Isolation Modes
IIS 6.0 FunctionWorker Process Isolation Mode Host/ComponentIIS 5.0 Isolation Mode Host/Component

Worker process management

Svchost.exe/WWW service

Svchost.exe/WWW service

Worker process

W3wp.exe

Inetinfo.exe

Running Low-isolation ISAPI applications

W3wp.exe

Inetinfo.exe

Running Medium-isolation ISAPI applications

Not applicable (All ISAPI extensions are in-process.)

DLLHost.exe (1)

Running High-isolation ISAPI applications

Not applicable (All ISAPI extensions are in-process.)

DLLHost.exe

Running ISAPI filters

W3wp.exe

Inetinfo.exe

HTTP.sys configuration

Svchost.exe/WWW service

Svchost.exe/WWW service

HTTP protocol support

Windows kernel/HTTP.sys

Windows kernel/HTTP.sys

HTTP SSL (HTTPFilter)

Lsass.exe

Inetinfo.exe

IIS metabase

Inetinfo.exe

Inetinfo.exe

FTP

Inetinfo.exe

Inetinfo.exe

NNTP

Inetinfo.exe

Inetinfo.exe

SMTP

Inetinfo.exe

Inetinfo.exe

HTTP SSL (HTTPFilter)

When HTTP.sys receives requests that are encrypted by using Secure Sockets Layer (SSL), the kernel-mode HTTP service cannot decrypt the requests or encrypt the responses. Instead, HTTP SSL (HTTPFilter), which is a user-mode service, implements SSL for the HTTP service. HTTP SSL runs in the IIS 6.0 isolation modes as follows:

In worker process isolation mode, Lsass.exe hosts HTTPFilter.

In IIS 5.0 isolation mode, HTTP filter runs in Inetinfo.exe.

  Important

Lsass.exe cannot be stopped except during computer shutdowns — either planned or unexpected.

IIS 6.0 Identity vs. IIS 5.0 Identity

In IIS 6.0, worker processes use a different process identity than in IIS 5.0. Process identity is an operating system term used to denote the account that a process runs under. Every process that is running on a Windows NT operating system has a process identity that is used to control access to resources on the system.

The different process identity used by worker processes in IIS 6.0 can affect applications migrated from IIS 5.0 if the application expects the process identity to run as a specific account, such as IWAM_ComputerName. In addition, for Medium-isolation or High-isolation Web applications created in IIS 5.0 or run on IIS 6.0 in IIS 5.0 isolation mode, identity is configured by Component Services; however, when IIS 6.0 is running in worker process isolation mode, identity is configured in IIS Manager.



© 2015 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies
Microsoft