Presentation Transcript
Lap Around IIS7
Bill Staples
Product Unit Manager, IIS
COM014 – A Lap Around IIS7
Microsoft Corporation xxx Roller Coaster Ride
seven: internet information services (supportable, integrated, extensible, componentized, compatible, secure, delegated)
IIS – a colorful past:
1996 – V1 & 2 ships for Windows NT 3.5 & 4.0
1997 – V4 part of NT 4 Option Pack
2000 – V5 installed by default in Windows 2000
2001
March 2001, #1 in Internet Site Share
Fall 2001, Code Red and Nimda
2003 – V6 released in Windows Server 2003
IIS 6 Today:
Secure by Design
Extensive design & code reviews
Penetration testing
Defense in depth
Secure by Default
IIS no longer installed by default with OS
IIS installs with “locked down” configuration
Runs with minimal permissions, secure configuration
Process architecture designed for app failure
Health detection
Automatic recycling of applications
Zero critical security patches since release
Slide5: IIS 7 Overview
Configuration & Admin Tool
Core Server
Diagnostics
Compatibility
Security Demos
The Metabase Is Dead! (global web configuration is now stored in applicationHost.config)
Centralized, admin-only configuration store
COM-only interface
Poorly schematized XML format
Built using 1996 era standards
Slide7: IIS 7 Configuration Enables You To...
Store IIS and ASP.NET settings in web.config
XCopy web settings along with content
Share web settings across multiple servers
Extend configuration with your own schema
… in a clean, well-schematized format
The IIS Snap-in (inetmgr) Is Dead! (the new administration tool is named webmgr)
Administrator only console
Poorly factored UI (go where for security?)
Difficult to use (one page has that many tabs?)
DCOM remoting
Slide9: IIS 7 Admin Tool Enables You To...
Manage IIS and ASP.NET in one place
Manage individual sites and apps w/o machine admin privileges
View health, diagnostics, users, more…
Extend with your own Admin UI
Delegated: configure and deploy w/o admin privileges
Slide11: For More Information…
COM431: IIS 7 Extensibility (Part 2): Building Configuration and UI Modules
Friday 1pm, Room 404AB
The Core Server & ISAPI Is Dead! (IIS7 is now completely modular, built on public APIs)
All core IIS features implemented in w3core.dll
ISAPI difficult to master, not very flexible
ISAPI unused by IIS team
Built using 1996 era standards
Slide13: IIS 7 Core Server Enables You To...
Build new IIS modules on full-fidelity APIs
Use native (C/C++) or Managed (C#, VB .NET) code
Use existing ASP.NET modules / handlers
Customize IIS footprint – per site or app
IIS7 Core Web Server Modules:
Http Protocol Support: ValidationRangeModule, TraceVerbModule, OptionsVerbModule, ClientRedirectionModule
Logging and Diagnostics: HttpLoggingModule, CustomLoggingModule
Configuration and Metadata Caches: ConfigurationModule, UriCacheModule, SiteCacheModule, FileCacheModule
Core Web Server: DirectoryListingModule, CustomErrorModule, DynamicCompressionModule, StaticCompressionModule, StaticFileModule, DefaultDocumentModule, HttpCacheModule, RequestMonitorModule, TracingModule
AuthN/AuthZ: BasicAuthModule, DigestAuthModule, WindowsAuthModule, CertificateAuthModule, AnonymousAuthModule, FormsAuthModule, AccessCheckModule, UrlAuthorizationModule
Extensibility: ISAPIModule, ISAPIFilterModule, CGIModule, ServerSideIncludeModule, ManagedEngineModule
Publishing: DavModule
Componentized: powerful, flexible building blocks for minimal footprint
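An added example, not part of the presentation: a footprint audit that computes the effective module list per scope from an applicationHost.config-shaped file and reports anything outside an allowlist. The config is constructed, module names are the pre-release names from the slide above, and the `StaticSite` location and the allowlist are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of applicationHost.config. Module names are the
# pre-release names from the slide; the "StaticSite" location is hypothetical.
SAMPLE_CONFIG = """<configuration>
  <system.webServer><modules>
    <add name="StaticFileModule" /><add name="DefaultDocumentModule" />
    <add name="HttpLoggingModule" /><add name="AnonymousAuthModule" />
    <add name="DirectoryListingModule" /><add name="CGIModule" />
    <add name="DavModule" />
  </modules></system.webServer>
  <location path="StaticSite">
    <system.webServer><modules>
      <remove name="CGIModule" /><remove name="DavModule" />
    </modules></system.webServer>
  </location>
</configuration>"""

# Hypothetical allowlist for a site that serves only static content.
ALLOWED = {"StaticFileModule", "DefaultDocumentModule",
           "HttpLoggingModule", "AnonymousAuthModule"}

def _apply(scope_el, inherited):
    """Apply <clear/>, <remove/> and <add/> in document order to the inherited list."""
    result = list(inherited)
    modules_el = scope_el.find("system.webServer/modules")
    for item in (modules_el if modules_el is not None else []):
        name = item.get("name")
        if item.tag == "clear":
            result = []
        elif item.tag == "remove":
            result = [m for m in result if m != name]
        elif item.tag == "add" and name not in result:
            result.append(name)
    return result

def effective_modules(config_xml):
    """Map each scope (server, then each <location path>) to its effective modules."""
    root = ET.fromstring(config_xml)
    server = _apply(root, [])
    scopes = {"(server)": server}
    for loc in root.findall("location"):
        scopes[loc.get("path")] = _apply(loc, server)
    return scopes

def audit(config_xml, allowed):
    """Return, per scope, the loaded modules that are not on the allowlist."""
    return {scope: sorted(set(mods) - allowed)
            for scope, mods in effective_modules(config_xml).items()}
```

On the sample, the site-level `<remove>` entries drop the CGI and DAV modules for `StaticSite`, but the inherited DirectoryListingModule still shows up as outside the allowlist.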
Slide16: For More Information…
COM303 IIS7: Building More Powerful ASP.NET Applications with IIS7
Wednesday 1:45pm, Room 152/153
COM406 IIS7 Extensibility (Part 1): Building New Core Server Modules
Wednesday 11:00am, Room 406AB
Slide17: IIS 7 Diagnostics Enables You To...
View real-time server state information
Control state of Sites, Apps, AppPools, AppDomains
Log detailed trace events across web platform stack
Automatically log event traces on error conditions
Extend trace logging with your own events
Supportable: easy to diagnose and fix problems
Slide19: For More Information…
COM320 IIS7 Instrumenting, Diagnosing, and Debugging Web Applications
Wednesday 11:30am, Room 515AB
Slide20: IIS 7 Compatibility Means…
Existing ISAPI filters and extensions just work
Classic ASP applications just work
ASP.NET v1.1 and v2.0 applications just work
ADSI and WMI scripts just work against new IIS config
Compatible: existing applications just work
Slide22: IIS 7 Security Enables You To...
Reduce attack surface through componentization
Configure / manage sites and apps w/o admin privileges
Easily secure web sites using unified authn/authz model
Filter requests using built-in module
Slide23: IIS 7 Summary
Distributed and delegated configuration
Tremendous extensibility, flexibility and customization
Rich diagnostics and troubleshooting support
Committed to compatibility
Continues to build on rock solid IIS 6.0 security
IIS7
Slide25: © 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.