Overview of the Main Features and Architecture of IIS 6.0:
- Internet Information Services (IIS) version 6.0 is a powerful Web server that provides a highly reliable, manageable, and scalable Web application infrastructure for all versions of Microsoft
Windows Server 2003.
- IIS 6.0 provides many new features for administering and managing Web site security. IIS 6.0 is easy to administer through the interface and is secure by design, secure in deployment,
and highly scalable.
- IIS 6.0provides a secure platform for publishing information on internal networks or on theInternet.
- Microsoft has added many new features to this version of IIS. For example, the metabase is a simple Extensible Markup Language (XML) text file that is backed up automatically.The security model has been completely rebuilt to allow administrators to tightly control executable files. In IIS 6.0, applications can be better isolated in their own application pools for better performance, greater reliability, and easier monitoring.
- The File Transfer Protocol (FTP) service is one of the services enhanced in IIS 6.0. IIS 6.0 has many new features, one of which is the ability to isolate FTP users in their own accounts by using Active Directory directory service. The other new features include User Isolation and Unicode Transformation Format-8 (UTF-8) support.
Main Features of IIS 6.0:
- IIS 6.0 provides a secure platform for deploying and managing Web applications. IIS 6.0 includes new performance-enhancing features for both static and dynamic content, and new security features to ensure the ongoing integrity of the Web server. In IIS 6.0, the core components and architecture have been redesigned. This latest version of IIS also provides new features that make it more reliable, manageable, and scalable. With these changes, IIS 6.0 is significantly different from the earlier versions.
The improvements in IIS 6.0 can be categorized under four subjects:
reliability,manageability, security, and performance.
In this topic, you will learn about the features that are responsible for each of the improvements.
1 ) Improvement: Reliability
Feature : Application isolation
Description:
IIS 6.0 can isolate Webapplications in separateapplication pools. Placing applications in their own pool minimizes the impact of other poorly behaving applications in other application pools. Application pools have configurable properties that separate the applications within them, from other application pools and from IIS 6.0 itself.
2) Improvement: Manageability
Feature : IIS 6.0 metabase
Description:
IIS 6.0 stores configuration settings in an XML file. The earlier versions of IIS stored the metabase in a binary file. You can read, edit, and save the files by using IIS Manager, Metabase Explorer, or any
standard text editor tools. Metabase Explorer, which is included in the IIS 6.0 resource toolkit, requires the Microsoft .NET Framework.
Metabase Explorer allows you to edit the configuration settings by using a graphical interface.
3) Improvement: Security
3a) Feature : Not installed by default
Description:
IIS 6.0 is not installed by default when you install the Standard,Enterprise, or Datacenter editions of the Windows Server 2003 operating system. IIS 6.0 is installed by default when you install the Webedition of the Windows Server 2003 operating system.
3b)Feature: Locked down by default
Description:
When you install IIS 6.0 in the Standard, Enterprise, or Datacenter editions of Windows Server 2003, the Web Service Extensions are locked down by default and will serve only static content.
This new security feature enables administrators to have control over the contents served by the Web server. Features for serving dynamic content, such as Active Server Pages (ASP), ASP.NET, Web
Distributed Authoring and Versioning (WebDAV), Microsoft Office FrontPage® Server Extensions, and server-side includes are not enabled. With the new security model, administrators can enable these
features according to their requirements. The new security model enables administrators to manage the attack surface of the Web server.
4) Improvement: Performance and Scalability
4a)Feature : Kernel-mode caching
Description:
IIS 6.0 provides new kernelmode caching functionality that enhances the performance of applications like ASP.NET and ASP applications.
4b) Feature : Demand start and idle timeout.
Description:
The demand start and idle timeout features ensure that an application pool does not consume system resources unless there are requests for its hosted applications.
The Request Processing Architecture in IIS 6.0:
IIS 6.0 has been redesigned to include a new request-processing architecture that isolates application processes, a feature that makes the Web server more reliable and scalable. The IIS 6.0 request
processing architecture has several features, such as isolation of application processes, kernel-mode queuing, and caching of user responses.
What is the request processing architecture?
The redesigned request processing architecture streamlines request processing by isolating certain processes in their own memory space and optimizing communication between kernel mode and user mode, thus enhancing the performance of the Web server. The request-processing architecture enables individual Web applications to function within a self-contained worker process. This environment prevents one application or Web site from stopping another and reduces the amount of time administrators spend restarting services to correct problems related to applications. The architecture has three main components: the kernel-mode Hypertext Transfer Protocol (HTTP) protocol stack (HTTP.sys), a user-mode administration and monitoring component called the WWW Publishing Service, and application pools.
Components of IIS 6.0 request processing architecture:
The three major components of the IIS 6.0 request processing architecture are: HTTP protocol stack (HTTP.sys). HTTP.sys is a kernel-mode Web listener that receives and places the client requests in a queue. Each application pool has a request queue. HTTP.sys validates the requests and sends only valid requests to the appropriate request queue.
Worker processes (W3WP.exe). Worker processes are user-mode processes, managed by the WWW Service Administration and Monitoring component. Worker processes handle application execution for the applications assigned to an application pool.
WWW Service Administration and Monitoring (W3SVC). The WWW Service Administration and Monitoring component manages the server configurations and the lifetime of the worker process. The WWW Service Administration and Monitoring component is concerned with the health of worker processes and application pools. W3SVC configures by using API’s HTTP.sys with the appropriate request queues, and these queues are managed by HTTP.sys. HTTP.sys routes the request to the appropriate pool, based on the configurations made by W3SVC at startup. The WWW Service
Administration and Monitoring component does not load or process any application code. The W3SVC is a Microsoft Windows® NT service. You can start or stop the W3SVC by using IIS Admin Service.
IIS 6.0 request processing:
The IIS 6.0 request processing involves the following steps:
1. When an HTTP request arrives at the kernel-mode HTTP protocol stack, HTTP.sys checks the validity of the request. If the request is invalid, it returns the appropriate HTTP error code to the requester.
HTTP.sys has its own error log, HTTPerr.log. Invalid requests get recorded in the HTTPerr.log and not in the Web service logs because the invalid requests do not reach the Web server. If the request is
valid, HTTP.sys places the request in the queue of the application pool and the respective worker process handles the request. If the requested page is already in the kernel mode cache, the page is sent
directly to the user.
2. When a request is received by the application pool, if there is no worker process to handle the request, a new worker process is started.
3. The worker process pulls the request from the queue, processes the request, and then sends the response back to HTTP.sys.
4. HTTP.sys sends the response back to the user.
Benefits of the IIS 6.0 request processing architecture:
The IIS 6.0 request processing architecture provides for the separation of operations of the Web server from the processing of application code while increasing the performance of the Web server. The request processing architecture:
- Increases the speed at which HTTP requests are processed. W3SVC can initiate multiple worker processes to handle a request, and this increases the processing of HTTP requests.
- Placing applications in their own pool minimizes the impact of other poorly behaving applications in other application pools
- Reduces server restarts and eliminates WWW service shutdowns caused by failed applications.
- Supports recycling of Web application pools that are not responding and of applications that consume a large amount of memory.
- Supports recycling of Web application pools on a scheduled or periodic basis.