Windows Server 2003: The Ideal Platform for XML Web Services

Published: July 24, 2002

Introduction

Microsoft .NET-connected technologies

XML Web services are arguably the most important computing innovation today—changing the rules for business-to-business and business-to-customer communication. It is now possible for your organization's diverse data and infrastructure to interoperate in much deeper ways than with any previous technology.

Applications can gather information from, and interact with, a wide variety of sources, regardless of the platforms or languages in use. This enhanced connectivity is core to XML Web services and implemented in the Microsoft .NET Framework with its common language runtime and set of base classes. The .NET Framework greatly simplifies the development of large-scale applications that can exploit XML Web services.

Putting .NET to Work Today

The advent of .NET has created a great deal of excitement in the IT industry as Microsoft launched the .NET Framework and the accompanying tool platform known as Microsoft Visual Studio® .NET. Today, many adopters of .NET are already realizing significant cost reductions, according to recent independent case studies. In addition, companies such as Nationwide Building Society, L'Oreal, Merrill Lynch, and Pacific Life have deployed applications built on the .NET Framework and Windows 2000 Server.

Better with Windows Server 2003 Tomorrow

With the upcoming release of the Windows Server 2003 operating system, businesses of all sizes can benefit from the latest advances in the .NET Framework application development platform, which is now built directly into the operating system. Key improvements in the Windows Server 2003 family further ease development tasks, ensure better reliability, increase performance and scalability, strengthen code security, and extend deployment and management capabilities.

Specifically, the Windows Server 2003 family builds on the .NET Framework with improvements in the following areas:

Integration

Reliability

Performance and Scalability

Security

Deployment and Management


Integration

Ready-to-use. The .NET Framework is integrated into the Windows Server 2003 family "out of the box." This eliminates the need for any additional deployment or management. As a result, Windows Server 2003 benefits from all the advantages of the .NET Framework:

A fully managed, protected, and feature-rich programming model and application execution environment.

Simplified development and deployment.

Seamless integration with a wide variety of programming languages.

Native XML. Because XML Web services are deeply integrated into Windows Server 2003, existing services such as COM+ and Microsoft Message Queuing (MSMQ) can readily take advantage of them. With a click of the mouse, any existing COM+ objects can be converted into XML Web services and communicate using SOAP, the protocol designed to transfer XML-based objects across a distributed infrastructure, through firewalls, or over the Internet. MSMQ can also use SOAP and XML as a native format, allowing loosely coupled applications to interoperate with a broad range of systems. These improvements greatly ease the task of standardizing legacy applications to take advantage of the connectivity enabled by .NET.

UDDI. Windows Server 2003 includes Enterprise Universal Description, Discovery, and Integration (UDDI) Services, a dynamic and flexible infrastructure for Web services. This standards-based solution enables companies to run their own internal UDDI service for intranet or extranet use. UDDI Services helps companies organize and catalog programmatic resources. By applying categorization schemes such as geography, Quality of Service (QoS), or organization in UDDI Services, companies can establish a structured and standardized way to describe and discover services. Built as a managed code service in Windows Server 2003, Enterprise UDDI Services was developed using Microsoft ASP.NET and the Microsoft .NET Framework. It is a standards-based technology that takes advantage of Microsoft's own experience in running the Microsoft public node of the UDDI Business Registry (UBR). UDDI Services can be accessed through a Web-based user interface or programmatically through a SOAP interface. Because UDDI Services automatically publishes its existence and location, it is easily discoverable as a Web Service. UDDI Services is available in Windows Server 2003 Standard Edition; Windows Server 2003 Enterprise Edition; and Windows Server 2003 Datacenter Edition.


Reliability

Re-architected Internet Information Services. Internet Information Services (IIS) 6.0 (a component of Windows Server 2003) has been completely re-architected with a new fault-tolerant process model that greatly boosts the reliability of Web sites and applications. Previously, if a single application failed, the entire site was also likely to fail. Now, using IIS in the Windows Server 2003 family, you can isolate an individual Web application or multiple sites into a self-contained process (called an application pool) that communicates directly with the kernel. This feature increases throughput and capacity of applications while offering more headroom on servers, effectively reducing hardware needs. These self-contained application pools prevent one application or site from disrupting the XML Web services or other Web applications on the server. IIS also provides health monitoring capabilities to discover, recover, and prevent Web application failures. On Windows Server 2003, Microsoft ASP.NET natively leverages the new IIS process model. These advanced application health and detection features are also available to existing applications running under Internet Information Server 4.0 and IIS 5.0, with the vast majority of applications not needing any modification.

Larger clusters. Organizations can now cluster up to eight nodes with either Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition, double the clustering power of Windows 2000. By increasing the number of nodes in a server cluster, an IT administrator has many more options for deploying applications and providing failover policies that match business expectations and risks. Larger server clusters provide more flexibility in building multisite, geographically dispersed clusters that provide for fault tolerance, as well as traditional node and/or application failure. For example, an IT administrator can work with application developers to deploy a large-scale application on an eight-node cluster that is geographically dispersed in two locations. The application will also benefit from improved failover management due to the greater availability of the eight-node configuration.


Performance and Scalability

Scale up and scale out. At a broad level, Windows Server 2003 provides greater capacity to scale up—adding power and performance to a single computer, as well as scale out—adding computers to a server farm. The remaining features in this section refer to scale-up performance and scalability enhancements.

Faster transactions. Executing distributed transactions is more efficient with improvements to Microsoft COM+ services. COM+ version 1.5, known as Enterprise Services in the .NET Framework, provides many enhanced services to increase the overall scalability, availability, and manageability of your new and existing server applications.

Faster ASP.NET. ASP.NET Web Forms, caching capabilities, and simplicity of data access in .NET enhance the overall application development process. In part because the .NET Framework is integrated with the Windows Server 2003 family, ASP.NET runs faster by as much as 30 percent or more.

IIS 6.0 kernel mode driver. The new HTTP.SYS kernel mode driver, responsible for HTTP parsing and caching, has been specifically tuned to increase Web server throughput. A single point of contact for all incoming (server-side) HTTP requests, HTTP.SYS provides high performance connectivity for HTTP server applications. HTTP.SYS improves overall connection management, bandwidth throttling, and Web server logging. An added advantage of HTTP.SYS is that if a Web application experiences a failure, HTTP.SYS will maintain all client connection state while IIS restarts the application. Most users connected to that application would not perceive the failure in the application at all.

IIS 6.0 caching policy and thread management. IIS 6.0 has advanced capabilities to determine the cacheable set of pages from an application or set of sites. This means that the Web server optimizes the resources on the server while sustaining the performance on frequent requests, a benefit that improves scalability.

IIS 6.0 Web gardens. A Web garden is an application pool that has multiple processes serving the requests routed to that pool. You can configure the worker processes in a Web garden to be bound to a given set of CPUs on a multiprocessor system. Using Web gardens, Web applications have increased scalability because a software lock in one process does not block all the requests going to an application. If there are four processes in the Web garden, a specific software lock blocks roughly a quarter of the requests.

IIS 6.0 large memory support. For workloads that require a great deal of cached data, IIS 6.0 can be configured to cache up to 64 gigabytes (GB) on an x86- or compatible processor-based system. In addition, if an application has a per-request memory cost and needs more than 2 GB of virtual memory, the Web garden feature (multiple processes running the application or site) will allow the application to scale further.

IIS 6.0 site scalability. IIS 6.0 has improved the way internal resources are utilized. IIS 6.0 allocates system resources to meet HTTP requests rather than pre-allocating resources at initialization time. This means:

A single IIS 6.0 server can host a larger number of sites and applications.

A greater number of worker processes can be concurrently active.

The server can start up and shut down faster when hosting sites.

An additional scalability improvement in the new IIS 6.0 architecture is that IIS 6.0 can "listen" for requests of a large number of sites and applications without even having one worker process running. Windows Server 2003 has better efficiency in terms of its overall resource use.


Security

Reduced attack surface. Security in Windows Server 2003 is built on top of a single security model integrated with Active Directory. In addition, security enhancements and innovations new to Windows Server 2003 help to reduce the "attack surface" and make Windows authentication and authorization more secure and powerful via a new application security architecture. Specifically, code-access security enables developers to declare who and what can access specific pieces of code. If another object attempts access to a specific piece of code—without the appropriate permissions—it is denied access. This effectively closes the door on rogue objects that might otherwise be able to simulate an action through an application and thus enter the application. With security built and managed at the code level, applications become much safer.

Network service accounts. In Windows Server 2003, Web applications are by default loaded into a provider subsystem with the NetworkService security account. This account is intended for services that have no need for extensive privileges, but require remote communication with other systems. Use of this account by the provider subsystem eliminates the risk that a corrupted or compromised provider could take out a server or an entire domain controller.

Software restriction policies. Software restriction policies address the need to regulate unknown or untrusted software. With the rise in the use of networks, the Internet, and e-mail for business computing, users find themselves exposed to new software in a variety of ways. Users must constantly make decisions about running unknown software. Viruses and Trojan horses often intentionally misrepresent themselves to trick users into running them. This makes it difficult for users to make safe choices about which software they should run. With software restriction policies, you can protect your computing environment from untrusted software by identifying and specifying which software is allowed to run. You can define a default security level of unrestricted or disallowed for a Group Policy object (GPO) so that software is either allowed or not allowed to run by default.

Constrained delegation. This is an industry-leading technology that allows for controlled delegation of security rights within applications. The administrator can assign back-end servers for applications to use for this delegation of rights. This functionality gives application architects and system administrators more flexibility and control when building highly secure applications.

Authorization Manager. Another innovation in the Windows security system, the Authorization Manager gives developers and administrators a powerful tool for managing role-based authorization within applications. Authorization Manager allows administrators to create application-specific groups that can be easily updated when business rules change.


Deployment and Management

XML-based IIS 6.0 configuration. The metabase, which is used to hold IIS configuration information, is now kept in a plain-text XML file. This replaces the hierarchical data store and makes it easier to manage and deploy in the following ways:

Improved backup/restore capabilities on computers that experience critical failures.

Improved troubleshooting and metabase corruption recovery.

Ability for metabase files to be edited directly using common text editing tools.

Exportable and importable configuration at user-specified locations.

Improved performance and scalability.

IIS 6.0 has new features for common administrative scenarios. The new XML metabase allows administrators to easily read and edit configuration information directly without having to use scripts or code to administer the Web server. It is much easier to diagnose potential metabase corruption, extend an existing metabase schema via XML, and read or edit the current metabase configuration directly in the metabase file while still being 100 percent compatible with existing public metabase APIs and Active Directory Service Interfaces (ADSI). Existing binary metabase information will be upgraded to the new XML metabase files without problem.

Windows Management Instrumentation command-line management (WMIC). Administrators can use this powerful command-line tool environment to achieve a number of important management tasks quickly and efficiently. WMIC interoperates with existing shells and utility commands and can be easily extended by scripts or other administration-oriented applications. With WMIC, you can browse WMI schemas and query their classes and instances using aliases or "friendly names," a benefit that eases working in WMI. With a single command, you can work with a local computer, remote computers, or multiple computers. In addition, administrators can view or manipulate any information made available through WMI using scripts and Microsoft Visual Basic® applications that access the Scripting API for WMI. Scripts can be written in any scripting language that supports Microsoft ActiveX® script hosting, including Visual Basic Scripting Edition (VBScript), Microsoft JScript®, and Perl.


Summary

The ability to quickly develop and manage XML Web services promises to be one of the most important drivers in determining the success of IT and business operations in the decade ahead. The Windows Server 2003 family is designed to help you meet these challenges with its support for XML-based open standards and integration of the .NET Framework. Managing and deploying applications is easier by taking advantage of XML and WMI. Infrastructure improvements in Windows Server 2003 deliver a scalable, reliable, secure application platform including benefits such as code access security and reduced attack surface.

