I get a kick out of people who think that ASP.net doesn't scale. (Considering that some of the biggest, baddest, websites in the world run it, and can run anything they want). Interesting post of PHP vs ASP.net performance test. Comments are a good read too.

SANs published a list of the top 25 reasons systems are hacked. Evidently, a consortium of people participate in this list including Microsoft. The list is a whose who of problems that continually plauge systems and range from improper coding, to improper permissions, to running processes in privledged accounts.

It is a solid list and I would recommend that you inspect it for anything you aren't already looking for:

http://www.sans.org/top25errors/#s4

Wanted to postback to this article by Wade on the IIS team.

He summarizes this issue really well - in particular that topics lose focus due to a the many posts and lack of the ability to see information chronologically sorted in searching.

http://blogs.iis.net/wadeh/archive/2008/12/18/how-iis-can-help-with-sql-injection.aspx

Keep in mind that as he points out early on, request filtering for SQL inhections is a band-aid. Your appliciations should be written so they do not allow passing of invalid or risky strings to the server.

Thanks!

-brett

 

 

Somehow I started revisiting Log Parser resources and links today and wanted to post a few things. If you don't know about Logparser and you manage an IIS server or set of servers (almost any type), then stop what you're doing and go to http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1287 , download and smile.

It slices , it dices, it reads multiple log file formats using a SQL like syntax and outputs into multiple formats. The guys at Microsoft.com swear by this jewel.  (PS read anything, ANYTHING written by Jeffery Johnson).  

Here's a visual wrapper that may be helpful. I haven't used it and it's still beta, so don't know how buggy it is or not. http://www.codeplex.com/visuallogparser 

Don't miss this as free online logparser resource that appears to be very active forum.

http://forums.iis.net/default.aspx?GroupID=51

And check this out: http://www.amazon.com/Microsoft-Parser-Toolkit-Gabriele-Giuseppini/dp/1932266526 by Gabriele Giuseppini, who wrote the first 3 version of the tool.

Hope the holidays are treating you well!

-brett

 

 

IIS Admins. I am shamelssly pasting this anncoucment from the IIS team here. Very nice tool that leverages the new extensible IIS 7 pipeline, configuraiton system, and UI.

-brett

-----------------------------------------------------------

 

Install the URL Rewrite Module for IIS 7.0 RTW today!

Microsoft URL Rewrite Module for IIS 7.0 RTW (x86)

Microsoft URL Rewrite Module for IIS 7.0 RTW (x64)

Upgrade from Go Live release

If you already have Go Live release of URL Rewrite module installed then the installation package will upgrade it to RTW release. All rewrite rules in applicationHost.config and web.config files will be preserved. Note that system reboot may be necessary when upgrading from Go Live to RTW release.

ASP.NET update

The installer for URL Rewrite module includes an update for ASP.NET runtime. The update has fixes for bugs specific to URL rewriting. The update is applied only if the machine where URL Rewrite module is being installed has .NET Framework version 3.5 SP1 or higher. If required version of .NET Framework is installed after URL Rewrite module has been installed, then the ASP.NET update can be applied by re-running URL Rewrite module installer in repair mode.

Features

Here is the complete list of features supported by URL Rewrite module:

·         Rules-based URL rewriting engine. Rewrite rules are used to express the logic of what to compare/match the request URL with and what to do if comparison was successful. Web server and site administrators can use rewrite rule sets to define URL rewriting logic.

·         Regular expression pattern matching. Rewrite rules can use ECMA-262 compatible regular expression syntax for pattern matching.

·         Wildcard pattern matching. Rewrite rules can use Wildcard syntax for pattern matching

·         Global and distributed rewrite rules. Global rules are used to define server-wide URL rewriting logic. These rules are defined within applicationHost.config file and they cannot be overridden or disabled on any lower configuration levels. Distributed rules are used to define URL rewriting logic specific to a particular configuration scope. This type of rules can be defined on any configuration level by using web.config files.

·         Access to server variables and http headers. Server variables and HTTP headers provide additional information about current HTTP request. This information can be used to make rewriting decisions or to compose the output URL.

·         Various rule actions. Instead of rewriting a URL, a rule may perform other actions, such as issue an HTTP redirect, abort the request, or send a custom status code to HTTP client.

·         Support for IIS kernel mode and user mode output caching. IIS 7.0 output caching provides significant performance improvements for web applications. URL rewrite module is fully compatible with both types of output caching. This means that it is possible to safely cache responses for rewritten URL's and thus boost the performance of web applications that rely on URL rewriting.

• Rewrite maps. Rewrite map is an arbitrary collection of name-value pairs that can be used within rewrite rules to generate the substitution URL during rewriting. Rewrite maps are particularly useful when you have a large set of rewrite rules, all of which use static strings (i.e. there is no pattern matching used). In those cases, instead of defining a large set of simple rewrite rules, you can put all the mappings between input URL and substitution URL as keys and values into the rewrite map, and then have one rewrite rule which references this rewrite map to look up substitution URL based on the input URL.

·         Failed Request Tracing support. IIS7.0 Failed Request Tracing can be used to troubleshoot errors related to URL rewriting.

·         Extensible Rule templates. Rule template is an extension for URL rewrite module user interface, that simplifies creation of rewrite rules for a particular task.  The GoLive release of the module includes 3 built-in rule templates, plus it allows plugging in any number of custom templates.

·         UI for testing of regular expression and wildcard patterns. A GUI tool for testing rule patterns is included into the module's user interface. The tool can be used to quickly check how the regular expression or wildcard pattern works. Also, it can be used for troubleshooting and debugging of problems related to pattern matching.

·         UI for managing rewrite rules and rewrite maps. Rewrite rules and rewrite maps can be added, removed and edited by using "URL Rewrite Module" feature in IIS Manager.

• GUI tool for importing of mod_rewrite rules. URL rewrite module includes a GUI tool for converting rewrite rules from mod_rewrite format into an IIS format.

·         String manipulation functions. Built-in string manipulation functions can be used to convert URLs to lowercase and to perform URL encoding and decoding.

More information

The following resources related to Microsoft URL Rewrite Module are available on IIS.net:

Walkthroughs:

• Creating rewrite rules
• Using Failed Request Tracing to trace rewrite rules
• Using global and distributed rules
• Using rewrite maps
• Importing rewrite rules
• Enabling "Pretty Permalinks" in WordPress
• Rule templates
• User Friendly URL
• Rule with Rewrite Map
• Request Blocking
• Testing rule and condition patterns
• Using URL rewrite module - video walkthrough

References and guidance:

• URL Rewrite Module configuration reference
• URL Rewriting and ASP.NET routing
• URL Rewriting and Request Filtering
• URL Rewriting for ASP.NET Web Forms
• Developing rule templates for URL Rewrite module

Bill Staples posted an important annoucment about the availability of the Web Deployment tool release Beat 2.

When Bill says something like this "It is one of the fundamental building blocks that IIS will be building on the next several years.", that means "Hey you - IIS admin - pay attention to this cause it's going to REALLY important and some very cool features that you can't live without".

He goes on to say that current features include:

Migrate entire servers or individual sites from one machine to another (IIS6 –> IIS7)

Sync Servers, Sites, and Applications (IIS6 –> IIS6, and IIS7 –> IIS7)

Create offline packages that can be used as backups, version control, and deployment units

as well as:

- Support for SQL Server 2008 database deployment with sites
- Integration into the IIS Manager
- Upcoming support for Web Deploy built into Vistual Studio 2008

Check it out!

 http://blogs.iis.net/bills/archive/2008/10/30/iis-web-deployment-tool-beta-2-released.aspx

Bill Staples sent this annoucment out about the release of this new tool. I know they worked on this for a loooong time. looking forward to feedback!

-brett

 

IIS is thrilled to announce the Beta 1 (Go Live) release of the Microsoft Web Deployment Tool! The tool provides deployment and migration support for IIS 6.0 and 7.0. It incorporates many features that enable web server administrators to deploy, sync and migrate sites, including configuration, content, SSL certificates and other types of content associated with a Web server.

 

This tool can be used on Windows Server 2008 and IIS 7.0 as well as Windows Server 2003 and IIS 6.0. Please note that this is a Beta release, support is available on the forums.

 

How to Get Started

Download the x86 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1602

Download the x64 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1603

Read the walkthroughs: http://go.microsoft.com/?linkid=8100895

 

Web Deployment Tool forum: http://forums.iis.net/1144.aspx

Web Deployment Team blog: http://blogs.iis.net/msdeploy/

 

Features

We've loaded this version with many great new features such as:

• PowerShell Support - We have PowerShell cmdlets so that you can integrate MS Deploy commands with PowerShell directly.
• Enhanced Dependency Checking - We have IIS7 dependency information listed, plus the ability to see where a dependency is being triggered from. For example, if you have a dependency on Windows Authentication, you can now determine where this is set in the configuration.
• Detailed Help File - We have a Help chm file included in the tool so that you can browse through all the functionality and flexibility offered by the tool, instead of looking through online walkthroughs.

 

Sukesh has developed and released on codeplex, a mobile application that lets your manage an IIS 7 server from your cell phone!

This is very cool application that shows off some of the great technology that is built into IIS 7 and .NET. This app uses the hostable web core, and LINQ plus the new management API, ,microsoft.web.adminsitration.

You can find his blog at http://www.awesomeideas.net/page/IIS7-Mobile-Admin.aspx which links into codeplex where you can download the source code!

Very  nice Sukesh! Keep em comin.

Thanks,

Brett

 

Looking over the logs for search queries that wind up here, there's a need to post some FAQs now that IIS 7 is out.

Q: Can I install IIS 7 on XP or Windows Server 2003?
A: No.

Q: Where do I download IIS 7?
A: It's on the Vista or Windows Server 2008 DVD. Don't look for IIS7 on microsoft.com, it's not there.

Q: I have Vista, but don't see IIS 7.
A: Not all versions have IIS7.  See http://learn.iis.net/page.aspx/28/installing-iis7-on-vista/

Q: What happend to IIS_WPG?
A: See http://www.brettblog.com/2007/10/13/IISGroupsAndUsers.aspx

Q: What happened to the IUSR anonymous user?
A: See http://www.brettblog.com/2007/10/13/IISGroupsAndUsers.aspx

Q: Where is the mother lode of IIS7 info?
A: http://iis.net

Q: How do I disable IPv6?
A: Network properties for NIC

Q: How do I enable WebDAV (DAV) on IIS 7?
A: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1579 Note that you will need to adust the URLFiltering section to allow DAV (see http://learn.iis.net/page.aspx/354/how-to-configure-webdav-with-request-filtering/ )

Q: Where do I get the updated IIS 7 FTP Server?
A: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1619

If you have more questions you'd like see on this list, let me know!

-brett

As we near release for Windows Server 2008, the IIS team has released a beta of a very important tool called the Microsoft Web Deployment Tool.

How to replicate content and setting for web servers continually arises and is one of the most frequently asked questions I receive. Perhaps the second, and closely related question is how to migrate from IIS 6 to IIS 7. This tool has been in development for months but has not been widely discussed publicly so I personally and delighted that it is finally public.

Those of you who need something like this to replicate 6-6, 6-7 and 7-7 scenarios - please download and test this tool.  You can provide feedback to me or via the forums at iis.net. I'd be happy to connect your feedback to the managing PM on the IIS team.

Below is an email that circulated internally annoucing the tool with links.

Enjoy!

-brett

-----------

IIS is thrilled to announce the Technical Preview 1 release of the Microsoft Web Deployment Tool! The tool provides deployment and migration support for IIS 6.0 and 7.0. It incorporates many features that enable web server administrators to deploy, sync and migrate sites, including configuration, content, SSL certificates and other types of content associated with a Web server.

 

This tool can be used on Windows Server 2008 and IIS 7.0 as well as Windows Server 2003 and IIS 6.0. Please note that this is a Technical Preview release of the tool and should not be used on production servers. For a Tech Preview, only forum level support is available.  

 

How to Get Started

Download and read the walkthroughs: http://go.microsoft.com/?linkid=8100895

Download the x86 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1602

Download the x64 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1603

 

Web Deployment Tool forum: http://forums.iis.net/1144.aspx

Web Deployment Team blog: http://blogs.iis.net/msdeploy/

 

Features

The following list contains several of the features in this version:

·         Synchronization and Snapshot of IIS 6.0/IIS 7.0:

The sync operation provides administrators with a way to quickly synchronize a site or server and deploy changes to existing sites and servers. A synchronization allows you to synchronize one source with one destination. For example, you can synchronize two directory paths or two web servers. The sync can be performed with local or remote objects.

The snapshot, or archive, functionality allows administrators or developers to quickly take an archive of their web site or server for rollback, restore or backup purposes.

·         Migration from IIS 6.0:

The migrate operation provides administrators with a way to migrate sites or entire servers from IIS 6.0 to IIS 7.0, including their settings and content. A migration is essentially a way of synchronizing, filtered by migration rules. For example, when migrating from IIS 6.0 to IIS 7.0, MS Deploy will check the value of some properties and see if it is the IIS 6.0 default. If it is the default, such as the log files directory, it will instead use the value set on the IIS 7.0 server. This enables a server admin to maintain new settings on IIS 7.0 while moving sites or applications from IIS 6.0.

·         Analysis of IIS 6.0 Installed Features:

The analyze operation allows administrators to check what components are installed on the source server. In this way, they can determine if features are present that they will need in IIS 7.0 or that require more advanced setup than simply copying files. For example, ASP.NET requires more than a file copy and will need to be installed on the destination server.

·         Troubleshooting and Validation Features:

For validating an operation, the -whatif flag allows administrators to see what actions would happen when they perform an operation. This is especially useful for performing sync or migration, when they want to validate what changes will be made before performing them. For troubleshooting, the -verboseLevel flag allows administrators to get rich detail about what operations are being performed, and upon failure, the ability to diagnose the problem.

 

Hiya,

Coming out of the Windows Server 2008 Hosting Roadshow, the same technical labs are available through MS Virtual Labs. The links to these labs are below.

Let me know what you think. Thanks!

•	TechNet Virtual Lab: Installation and the New Modular Architecture
•	TechNet Virtual Lab: Installing ASP, ASP.NET and PHP/FastCGI Applications on IIS 7
•	TechNet Virtual Lab: Using the new IIS 7 Configuration System featuring Delegated and Remote Administration
•	TechNet Virtual Lab: URL Authorization and Request Filtering in IIS 7
•	TechNet Virtual Lab: Administering the IIS 7 File Transfer Protocol (FTP) Server
•	TechNet Virtual Lab: Working with the IIS Manager
•	TechNet Virtual Lab: Implementing Preliminary Shared Hosting Guidelines and Shared Configuration
•	TechNet Virtual Lab: Rapid Troubleshooting with IIS 7 Failed Request Tracing

Let me know what you think or if you have questions.

-brett

A big shout out to IIS Pm Kanwaljeet Singla

File this under must have details for IIS 7. Very practical info on IIS 7 registry keys.

http://blogs.iis.net/ksingla/archive/2007/12/30/list-of-registry-keys-affecting-iis7-behavior.aspx

-brett

WebDAV is a way to publish files to your server. I've been a fan since I first saw it and have been teaching people about it for years. When you have everything setup correctly, you can open a web folder in Network Places (or neighborhood or whatever), or on your desktop, and when you drag and drop files into the folder, it publishes over the network using http to the server. Unfortunately, the story about DAV from Microsoft's end has been rather mottled. The specifics of what is possible using DAV, how it appears and behaves depends on the precise combination of which server you're using (DAV was supported on IIS 5 as well), the client (XP, 2000, Vista), and what application you use to do the DAV connection (Explorer, IE, Office, FrontPage).

However, in IIS 7, there is some very good news. Robert McMurray on the IIS team is the same guy that manages the FTP 7 project. He has improved, the DAV story for IIS 7 in many ways. I've had the chance to chat with him on numerous occasions about his vision and hopes for DAV and other publishing protocols and can tell you that he's the right guy for the job.

One of the biggest improvements is that DAV can be enabled per URL. In IIS 6, and 5, DAV was either functional for all sites or not. Now, you can use it just where you need it. The IIS 7 DAV provider integrates with the IIS 7 UI and leverages IIS 7 URL Authorization. URL Auth lets you allow or deny access to content using web.config files instead of ACLS.

This version of DAV is the SERVER side component. The client side will use one of the various providers mentioned earlier - but should work by simply creating a network connection to a dav enabled URL. One way to do this is in IE, using File, Open and selecting the checkbox "open as a web folder".

Once you setup DAV and get used to using it, you'll wonder how you managed without it.

http://blogs.iis.net/robert_mcmurray/archive/2007/12/22/webdav-module-for-windows-server-2008-golive-beta-is-released.aspx

 

-brett

New IIS 7 Virtual Labs online! 

 

You can get hands on with IIS 7's new features and capabilties with these free online labs. These are IT Pro focused labs that came from the hosting roadshow and have been re-factored for online use. Enjoy!

• Installation and the Modular Architecture
• Installing ASP, ASP.NET and PHP/FastCGI Applications on IIS 7
• Using the new IIS 7 Configuration System featuring Delegated and Remote Administration 
• Troubleshooting with IIS 7 Failed Request Tracing 
• Using APPCMD with IIS 7

-Brett

 

BTW, RC1 of Windows Server 2008 is released. AFAIK, this is the last release before RTM.  Expect to see the official launch Feb 28th.

You can upgrade from RC1 to RTM! So if you've been avoiding Beta releases out of concern for stability, RC1 is is solid. (Actually, the server was really solid around beta 3).

Lots of new things to be excited about including an improved TCP/IP stack that should dramatically increase file transfers between Vista/Server and Server/Server. 

http://www.microsoft.com/windowsserver2008/audsel.mspx

BTW, the bits for SP1 of Vista share a lot in common with server as they are same the code base. As a result, Vista benefits from a lot of work done on Server and visa vera.  In the case of IIS 7, you will also get some new features.

=brett 

It's great to see this list of changes and updates to Vista coming up in SP1. Keep in mind that all of this is baked in to Windows Server 2008 as well. 

http://www.istartedsomething.com/20071208/vista-sp1-changelog/

Microsoft publishes detailed Vista SP1 “changelog” - istartedsomething

https://windowsbeta.microsoft.com/server/intro.aspx  is page that is open to the general public asking for feedback about Windows Server 2008.

I really want to encourage Microsoft to do more of this kind of thing and customer to take advantage of it!

Take a moment to respond if you can.

Thanks,

Brett

Good news!

Some of the labs we are using in the web hosting roadshow are now online. No muss no fuss, and free. The labs use the virtual labs technology that involves Virtual Server services hosted at Technet so you can explore IIS 7 on a real, bona fide, Windows Server 2008 server, over the internet right in your browser. If you haven't checked out the virtual labs, it's very cool. Check it out!

 

TechNet Virtual Lab: Installation and the New Modular Architecture

TechNet Virtual Lab: Installing ASP, ASP.NET and PHP/FastCGI Applications on IIS 7

TechNet Virtual Lab: Using the new IIS 7 Configuration System featuring Delegated and Remote Administration

TechNet Virtual Lab: Working with the IIS Manager (will be online soon)

TechNet Virtual Lab: Implementing Preliminary Shared Hosting Guidelines and Shared Configuration (will be online soon)

By special request, here's an outline of the users and groups used by IIS and what they do.

IIS 5 and 6

- IUSR_<servermame> - this is the default anon user for IIS 4, 5, and 6. It is a local account with a large, random password. The account does not exist until IIS is installed. IIS is installed by default on Windows 2000 but not 2003. If you disable this account, anon authentication will fail unless you create assign a new one. This user is a member of Everyone, Users, Authenicated Users, Guests, and the Network built in account (by default).

- IWAM_<servername> - this guy is found on IIS 5 and on IIS 6. I don't recall if it's in IIS 4 as I haven't laid eyes in an IIS 4 server in about 5 years. In IIS 6, it is only used when you run your server in IIS 5 mode, called IIS 5 worker process isolation mode or some such overly long phrase. In this case, sites  and application that are set to run in medium or high isolation run in dllhost.exe as the IWAM_<servername> user.

- ASPNET - this is a local account used to launch the aspnet_wp.exe on IIS 5 and in IIS 6 when it runs in IIS 5 mode.See http://msdn2.microsoft.com/en-us/library/bakfs900(VS.80).aspx for details on how to control the identity of asp_net.exe. It is not typically used in IIS 6 and is not supported on IIS 7.

- IIS_WPG - This is a local group on Windows Server 2003 that is used for one purpose. The IIS _WPG has rights to register application pools with http.sys. What this means is that that if you assign an application pool a unique idenity, you must also add them to this group. By default, this group has the System, Local Service and Network Service accounts in it. By default, application pools on IIS 6 use the Network Service account. If you don't assign custom application pool idenities, you don't need to mess with the membership of this group. Do not delete this group, espcially on a domain controller.

IIS 7

Doesn't have any of the above accounts. Instead you'll find:

- IUSR - built in account for Windows Server 2008 and Vista. Created when IIS 7 is instaled. The IUSR account has the same SID on all Windows Server 2008 systems and Vista. A built in account is different than a local account. Built in accounts cannot be used to log in locally to the server so they don't have a password.

- IUSRS - This is the updated version of the IIS_WPG for IIS 7. The new coolness is that has autmatically maintained membership.

-------

What runs as who when?

For anonymous access, the request will be the run as the assinged anonymous user (preusming that anon authentication is enabled and the anon user has the required access rights). If the request is for ASP.net, subsequent page requests and background operations will access the file system as the process identity (this is the default behavior). Most of the time this is the Network Service account on IIS 6 or the ASPNET user on IIS 5. If not using ASP.net, file access for will be as the anonymous user unless the application your a running reverts to the process identity to do something on the server that the user does not have rights to do. There are quite a few more complications of course, but this typically how things go.

To do research about this, your best friend is Filemon.exe. I learned most of the limited knowledge I have about this by messing around with Filemon and permissions. When you set Deny Full Control, Everyone on a file and then access the file in the web application while Filemon is running, the Access Denied in Filemon will also show you the user that was denied access. Another fun tool to play with is w3ho.dll, a resource kit utility.

Hopefully this is useful.

Let me know

-brett

 

 

 

 Microsoft released the newest version of our FTP server for Windows Server 2008 Release Candidate 0 (RC0)!

 

Listed below are the links for the download pages for each of the individual installation packages:

• FTP 7 (x86) Installation Package
  http://go.microsoft.com/fwlink/?LinkId=87847
• FTP 7 (x64) Installation Package
  http://go.microsoft.com/fwlink/?LinkId=89114

 

This new FTP service incorporates many new features that enable web authors to publish content better than before, and offers web administrators more security and deployment options.

·         Integration with IIS 7.0: IIS 7.0 has a brand-new administration interface and configuration store, and the new FTP service is tightly integrated with this new design. The old IIS 6 metabase is gone, and a new configuration store that is based on the .NET XML-based *.config format has taken its place. In addition, IIS 7.0 has a new administration tool, and the new FTP server plugs seamlessly into that paradigm.

·         Support for new Internet standards: One of the most significant features in the new FTP server is support for FTP over SSL. The new FTP server also supports other Internet improvements such as UTF8 and IPv6.

·         Shared hosting improvements: By fully integrating into IIS 7.0, the new FTP server makes it possible to host FTP and Web content from the same site by simply adding an FTP binding to an existing Web site. In addition, the FTP server now has virtual host name support, making it possible to host multiple FTP sites on the same IP address. The new FTP server also has improved user isolation, now making it possible to isolate users through per-user virtual directories.

·         Extensibility and custom authentication: The new FTP server supports developer extensibility, making it possible for software vendors to write custom providers for FTP authentication. Microsoft is using this extensibility feature to implement two new methods for using non-Windows accounts for FTP authentication for IIS Managers and .NET Membership.

·         Improved logging support: FTP logging has been enhanced to include all FTP-related traffic, unique tracking for FTP sessions, FTP sub-statuses, additional detail fields in FTP logs, and much more.

·         New supportability features: IIS 7.0 has a new option to display detailed error messages for local users, and the FTP server supports this by providing detailed error responses when logging on locally to an FTP server. The FTP server also logs detailed information using Event Tracing for Windows (ETW), which provides additional detailed information for troubleshooting.

 

Additional information about new features in FTP7 is available in the "What's New for Microsoft and FTP?" topic on Microsoft's www.iis.net web site.

 

The following prerequisites are required to install this new version:

1. You must be using Windows Server 2008 (code name "Longhorn") Release Candidate 0 (RC0) or later.
2. Internet Information Services 7.0 must be installed.
3. If you are going to manage the new FTP server using the IIS 7.0 user interface, the administration tool will need to be installed.
4. You must install the new FTP server as an administrator.
5. IIS 7.0 supports a new shared configuration environment, which must be disabled on each server in a web farm before installing the new FTP server for each node. Note: Shared configuration can be re-enabled after the FTP server had been installed.
6. The FTP server that is shipped on the Windows Server 2008 DVD must be uninstalled before installing the new FTP server.

 

To help you get started using the new FTP server, the following walkthroughs have been published on the www.iis.net web site:

 

• Installing FTP7:
• Installing and Troubleshooting FTP7
• Working with FTP Sites:
• Creating a New FTP Site
• Add FTP publishing to an existing Web site
• Configuring Security Features:
• Configure FTP over SSL
• Configure FTP User Isolation
• Configure FTP virtual host names
• Configuring FTP Firewall Settings
• Advanced Administrative Features:
• Using FSRM Folder Quotas with FTP
• Configure IIS Manager Authentication
• Administering the New FTP Service using the IIS 7 Configuration Files

Just in case anyone is reading this, you might have seen the posts from my EMEA web summit tour. Well, for some reason in Poland they decided to record the entire day.

Here are the links to the lectures and slide decks.

List of all session links to Web Administration Summit 2007:

http://www.microsoft.com/emea/itsshowtime/result_search.aspx?event=69&x=13&y=2

 

WEB ADMINISTRATION SUMMIT

IIS 7 Web Server Platform- Windows Server “Longhorn”

 

 

Microsoft’s Next Generation Web Server: What’s New in IIS 7 for IT Pros

Isaac Roybal, Product Manager, Windows Server, Microsoft Corporation

 

This overview session will highlight the key points of interests for IT Pros in Internet Information Services version 7.  IIS7 modularity increases security by allowing a reduced installation footprint and creation of specialized, streamlined servers. Application Pools are now “sandboxed” by default.  You’ll see how IIS7 eases administration with a new IIS Manage UI, delegated administration, and new tools for automating administrative tasks. Applications run more reliably as they are easier to troubleshoot with built in tracing and diagnostics. Finally, multiple servers can use a single configuration file with the shared configuration feature for web farms.

 

IIS7 Administration: The New IIS Manager

Brett Hill, IIS Sr. Technical Evangelist, Microsoft Corporation

 

IIS7 Administration centers around the new task-oriented IIS Manager. This redesigned administration tool has many major new capabilities including the ability to delegate features, edit .NET configuration and has significantly improved performance when managing many sites. The IIS Manager itself is an extensible, modular application that administrators can customize and developers can extend.  In this presentation we’ll explore how use and control the IIS Manager with a special focus on Delegated Administration. In addition, we’ll explore how to use Granular Locking to fine tune your delegated settings beyond those available in the UI.

 

 

 

IIS7 Administration: Shared Configuration, Remote Control, and Automated Tools

Isaac Roybal, Product Manager, Windows Server, Microsoft Corporation

 

For web farms, IIS7 has a powerful new feature – Shared Configuration. This allows you to configure multiple servers to share a single configuration file. The benefits are clear - all web servers have identical configuration so there’s no need to do configuration replication.

In addition, IIS Manager has built in remote administration capabilities. Using https between the IIS Manager and the remote server, this feature includes the ability to define trusted users in IIS Manager and have identities securely stored in the IIS configuration, Windows SAM or AD, or a .NET provider.

Of course, many organizations need to automate administration tasks.  APPCMD is the new powerful, general purpose command line utility for controlling configuration, state for site and pools, and querying status. WMI has been improved specifically for IIS management, and there’s a new managed code API Microsoft.Web.Adminsitrationis that makes it easy for developers use .NET to write IIS management tools. PowerShell can use the managed API or WMI, giving you a superior command line and scripting environment for managing your servers.

 

IIS 7 Security: Less Exposure, Greater Control

Brett Hill, IIS Sr. Technical Evangelist, Microsoft Corporation

 

IIS7 security improvements can be found in many areas. In addition to the ability to control the server footprint, security is improved with the new URLFiltering and URLAuthorization capabilities. Also, you can now use Forms authentication with any content while leveraging .NET role and membership providers. In addition, there are key changes in the user principles and groups used by IIS7 that will make the server both easier to manage and more secure.  Finally, application pool sandboxing helps to improve the security boundary between application pools.

 

 

 

IIS 7 Troubleshooting: Failed Request Tracing

Isaac Roybal, Product Manager, Windows Server, Microsoft Corporation

 

One of the most exciting features in IIS 7 for administrators is the new built-in failed request tracing capabilities. You can configure IIS 7 to automatically create a detailed trace log of events that occurred in the request processing pipeline when specific error codes are seen and/or if a request takes more than N seconds to complete. This is configurable at the server, site, application, or file level, and can be configured in the UI or with a command line tool. The resulting trace log is ideal for identifying bottlenecks. Like everything in IIS 7, it is extensible and can be customized with new events.

 

 

 

 

Finally I can talk about this!

Beta 3 was just signed off and will be posted very soon to connect.microsoft.com.

There is so much coolness in IIS 7 in Beta 3 that's hard to know where to start.

We've had several customers beating up this build pretty hard, including Microsoft.com. This is a good build for the web server platform (can't speak about the rest of it cause I don't know, but from the looks of things, it's all good).

What to look for in IIS7 Beta 3:

Of course, you've heard all about the modular pipeline. Right? what! Snap out of it! This is a big deal.

Shared configuration: You can now configure multiple IIS 7 servers to share a single application host config file. Whohoo! No more metabase replication.

Remote Administration: This is coolness in action. Use https from within IIS manager to connect to another IIS manager. Since it's https, it's firewall friendly and special ports need to be open. You authenticate to the remote IIS manager using Windows users, or you can define users in the IIS manger that are stored in Administration.config (encrypted credentials of course)

Disable Anon user: So if you disable the anon user in IIS7, anon access is still allowed, but you don't use the built in IUSR account. All anon access occurs as the process identity. If you give each process a unique identity, you also give it a unique anon users when this is enabled. Add sandoxing and shared config, and you have a nice package for web farms with secure pools. 

App Pool Sandbox: This takes a while to explain, but essentially, each pool winds up with a configuration file that contains only the settings for that pool and can only be read by that pool.  In this way, an applicaiton pool cannot revert to self and read the configuration of any other pool.

Extensible UI: The UI is not just new from IIS6, it's a platform in and of itself that can be modifed and updated. Look to Carlos' blog and the downloads page on IIS.net for new extensions that are already available. http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1328

Are you ready for this: New FTP server! released at the same time as beta 3 is a long awaited new FTP server AND yes,  it supports FTP with SSL (FTPS as I recall as opposed to SFTP). You will find this as a seperate donwload on IIS.net soon. It is not built into longhorn. When you install this puppy you will see first hand  that we aren't kidding about IIS 7 extensiblity. There will be new UI icons and configuration features. In the past, this is something that only Microsoft or a few ISVs would do (modify the UI and IIS configuration), but since the UI is a Winform app, extensiblity is built in, and the IIS 7 schema can be extended with just an XML snippet. Developers are going to be adding all kinds of newness to the IIS Manager. BTW, if you install FTP on Longhorn using the Server Manager or package manager command line, you get the old FTP server in the MMC console.

I know you asking "where can I get more info" and the answer is that papers are being uploaded to IIS.net very soon. Questions? Ask on the IIS.net forums.

I got to go, but I'm really psyched about this release. There is a lot more to talk about so stay tuned.

PS. Bill Staples just posted an annoucment to his blog. http://blogs.iis.net/bills/archive/2007/04/25/what-s-new-in-iis7-beta-3.aspx

-brett

 

 

What can 1 person and web server do anyway? Make a million bucks? Listen to this interview with Markus Frind from PlentyofFish.com about how he moved from a home busienss to a Web 2.0 phenom

http://channel9.msdn.com/Shows/IIS_Show

Interesting stats from his server: http://plentyoffish.wordpress.com/2007/02/09/aspnet-and-iis-2-million-pageviews-per-hour/

 

So, many people will IIS 7 in hand beginning next week with Vista being available. For those of you have not seen it but are interested,you will need to take some time to get up to speed on the new UI and features. Of course, one of the most practical beneifts of IIS 7 on Vista is that you can make more than one website and it's not limited to 10 connections. It will process 10 requests at a time making it impractical to use as a server - but works great as dev platform.

Be sure to get the version of Vista that has the features you want! THEY ARE DIFFERENT. Here's the definitive list of differences on a feature by feature basis: Notice that Windows Authentication in particular is not available on several versions: http://www.iis.net/default.aspx?tabid=2&subtabid=25&i=1100

The IIS team is working fevershily on IIS 7 on Longhorn Server. It's not quite time to discuss the key features that will be on the server version that are not on Vista, but they are going to be very, very useful for enteprises and it won't impact your ability to develop code on Vista to run on IIS 7 in any core way. If you write an applicaiton on Vista to use IIS 7 features, it will run on IIS 7. In fact, our experience has shown that in many cases, ihttp handlers and ihttp modules for ASP.net run without modification. That is not always true as there are some differences in the environment between the core pipline of IIS 7 and the ASP.net pipeline in IIS6.

Keep in mind also that when you install IIS 7, you do NOT get an IIS 6 (or IIS 5.1) equivalent. IIS 7 is LESS enabled with a default install than in previous releases. Be sure to install the features you need using Turn on/Off Windows features or package manager. See details here: http://www.iis.net/default.aspx?tabid=2&subtabid=25&i=957

Mike Volodarsky has an article about this on IIS.net http://www.iis.net/default.aspx?tabid=2&subtabid=23&i=1223. His blog http://mvolo.com/blogs/serverside/ is also reqruied reading for IIS 7 devs.

Please post problems on IIS.net forums which the team montors. That is the best way, I hope, to get help for  your issues and report problems. It absoulety does happen that people report bugs there and they become fixes in the product. 

Thanks!

Brett

(using your best commercial voice)

SEE what Powershell can do you!

THRILL at the capability of IIS's new FASTCGI support native cache!

IMAGINE the possibilities!

GET the sourcecode!

WATCH the video!

http://channel9.msdn.com/Showpost.aspx?postid=256994

Join Bill Staples, Product Unit Manager for IIS 7, and Jeffrey Snover, MMC and Windows PowerShell Architect, as they discuss the new features of Windows Server “Longhorn”, IIS 7 and Windows PowerShell.  See how much easier it is to manage an IIS 7 single box or an IIS 7 web farm with Windows PowerShell

Gotta see this. It's the narrative and screen shots from Bill Staples presentation this morning on FastCGI. You'll find details there about this new preview of FASTCGI as well as info on the new IIS 7 native cache.

http://blogs.iis.net/bills/archive/2006/10/31/PHP-on-IIS.aspx

Today Bill Staples announced the following:

I'm attending ZendCon today and giving a demo in the keynote presentation by Andi Gutmans, one of the creators of PHP, and co-founder of Zend.  I am really excited to announce a technical preview release of FastCGI for IIS, a new component for Microsoft's Web server platform.  This release is available immediately for download to Windows Vista, Windows Server codenamed "Longhorn" and previous versions of IIS including IIS 6.0 in Windows 2003 Server and IIS 5.1 in Windows XP.

This announcement coincides with a broader announcement regarding collaboration between Microsoft and Zend to improve performance and stability of PHP on the Windows platform. This effort aims to help PHP developers achieve improved performance on the Windows platform by leveraging the new IIS FastCGI feature together with Zend’s on-going work to improve the PHP engine on Windows. For more information regarding this announcement, see the news release on Zend's site.

Look for IIS in the news today, talking about this announcement.  eWeek.com just posted this news article: http://www.eweek.com/article2/0,1895,2047535,00.asp

This project wouldn't have been possible without a lot of dedicated and hard working people.  The FastCGI feature itself only started development about 6 weeks ago and has come A LONG way in such a short period of time.  Special thanks go to Rick and Wade, Marchel and Cip, and Mike for working long hours, nights, and weekends to prepare the technical preview release now available on iis.net. 

 IIS 5/6 Forums: http://forums.iis.net/1103/ShowForum.aspx

IIS 7 Forums: http://forums.iis.net/1104/ShowForum.aspx

PHP Community forums: http://forums.iis.net/1102/ShowForum.aspx

The Zend optimized PHP build for Windows, part of the double-punch combo special: http://www.zend.com/products/zend_core/windows_preview

Check it out!

IIS powered by logos are no official!

Enjoy

-brett

   

Not Bill G, silly, Bill S. Bill Staples the product unit manager for the IIS team which means the captain of the IIS boat.

He is often unpredictable about posting stuff that no one else yet knows about and he recently posted a new piece about RC1 and IIS 7.

http://blogs.iis.net/bills/archive/2006/09/05/IIS7...

There's no blockbuster news there aside from the fact the RC1 is done. Outside of Microsoft it looks like just another release for a belated OS, but internally people are working their butts off to get this done. It's an intrusting process to witness from inside.

Expect to see an updated LH Server build available to beta participants very, very soon!

As Bill says in is blog, Vista and Longhorn are coming together pretty well. I recently updated my main working system to Vista (a process we call dogfooding.) and RC1 is clearly the best release to date. Looks like we're on track to hit our release dates. This means that you can start looking at IIS 7 in vista as very, very indicative of what you will see in Longhorn Server. Aside from some spit and polish and some significant performance testing, there will be some features added that make sense for an enterprise or high capability sever, but otherwise, Vista bits and LH server bits for IIS 7 will be very much alike

-brett