| 10/15/2003
-- Internet Information Services (IIS) 6 is one of Win2003's most-touted new features,
but you may be asking yourself, "Who cares?" After all, IIS is IIS
is IIS, right? What could Microsoft possible have added to make it better (or
worse)? Heck, even the administrative interface looks almost identical to IIS
5, with the exception of some minor icon changes. Is it really that different?
The answer, of course, is "absolutely!" This month I'll try to expose
some of what's new under the hood in IIS 6.0.
All-New Architecture
Perhaps the most important under-the-hood feature is IIS' all-new architecture.
To really appreciate how improved it is, let’s quickly review how IIS
5 and prior versions were built.
In previous versions of IIS, 100 percent of IIS' code ran in user mode. Windows,
as you may know, has two basic memory spaces: user and kernel. Everything in
user space is protected from everything else in user space, and most applications
execute there. Kernel mode is reserved for the OS itself, device drivers and
other low-level components. Kernel mode is very sensitive; in fact, many blue
screen crashes come from poorly-written kernel mode software. In short, kernel
mode has the ability to take down the entire machine. Of course, the benefit
of kernel mode is pure speed: Nothing can access memory and system services
as fast as software running in kernel mode.
IIS 5 also ran under a single memory space. This meant that IIS, any IIS filters
(such as the filters that make Active Server Pages work), and any user code
(such as ASP pages) all share a memory space. If poorly written code is executed,
or vulnerability exploited, that entire memory space can be taken down, effectively
crashing IIS.
So, in IIS 5, IIS would register with the operating system to receive traffic
from ports 80 (HTTP), 443 (HTTPS), 20 and 21 (FTP), and so forth. The OS would
hand traffic off to IIS, passing that traffic from the kernel mode TCP/IP driver
to the user mode IIS code. IIS would then put the traffic into the correct virtual
server, execute ASP code, and do whatever else was necessary.
Those were the old days. With IIS 6, everything changes. To start with, there's
a new piece of kernel mode software: Http.sys. This driver, written by Microsoft,
is responsible for receiving all IIS-bound TCP/IP traffic from the TCP/IP stack.
Running in kernel mode gives the new driver a huge speed advantage, and the
fact that only Microsoft-written code is in Http.sys should ideally make it
as stable as possible. Http.sys never executes any code, such as ASP
code, not written by Microsoft. This means any future exploits found in ASP,
ASP.NET, or some other segment of IIS can't be exploited to crash kernel mode.
Http.sys' job is to hand off traffic to the user mode portions of IIS. All
user-written code -- ASP, ASP.NET, etc. -- runs in user mode. So now, a poorly-written
ASP page won’t necessarily crash the entire IIS server. Because Http.sys
is separate and living in kernel mode, it's protected and the server will be
able to continue processing traffic.
IIS provides memory segmentation for user mode, too, through the use of application
pools. Each application pool (there's one by default, but you can create more)
occupies a dedicated memory space. So if one application pool crashes, the others
will continue to live, and will receive traffic directly from Http.sys. Each
virtual server you create can be assigned to a specific application pool.
For servers running multiple Web sites, you can segregate each Web site so
that one crashes site won't affect the other sites. Http.sys will deliver incoming
traffic to the proper site (passed on destination port, IP address, and host
headers). It's a great idea, under IIS 6, to assign each Web site to a separate
application pool, provided your server has sufficient memory to support them
all. That way, a single crashed site won't affect anything else.
Scalability
Each application pool is served by a single worker process, which can be defined
as a single thread of execution, which processes all ASP pages, Web page requests,
and whatever else your Web site handles. You can, however, configure an application
pool to support multiple worker processes. When you do so, the application pool
is referred to as a Web garden.
You probably are familiar with the term Web farm: It's two or more identical
Web servers that balance incoming requests across them. To users, the servers
appear to be one gigantic server, but to you they're a great way to create scalable
Web sites. A Web garden is a similar concept, sort of a "Web farm within
a server." When you create multiple worker processes for an application
pool, IIS will load balance incoming requests across the available processes.
If one process hangs, IIS can kill it automatically and try to restart it, thus
keeping the Web site performance as high as possible. Because a lot of user
code -- like ASP pages -- can contain memory leaks, IIS can also periodically
recycle a worker processes, ending it and creating a new one to ensure that
resource utilization is as efficient as possible.
With Web gardens, a single poorly-performing Web page -- say, a Web page that's
executing a large query -- won't necessarily hand the entire Web site, because
additional worker processes are available to handle other Web requests in parallel.
You can configure all of these worker process options within the application
pools you create (open up the IIS 6 MMC and you'll notice a new folder for application
pools).
Security
IIS 6 is also supposed to be a brand-new way of thinking about security, and
it really delivers on that promise. Prior versions of IIS had the goal of being
as functional as possible "out of the box." IIS 6 isn't even installed
by default. When you do install IIS 6, the default installation options provide
you with an absolutely stripped-down Web server capable only of serving harmless,
static HTML pages. If you want to offer ASP, server-side includes, WebDAV, FrontPage,
or anything else, you'll need to install each of those options individually
from the Add/Remove Windows Components control panel. The theory is that each
of those components comes with its own security risks, and that you as the administrator
are acknowledging those risks by explicitly installing the components. That's
far better than Microsoft just plunking them all down without you even being
aware of what's going on!
Http.sys itself also lends some basic security beef to IIS. For example, it
conducts a brief examination of all requests, and willr eject requests with
obvious buffer overflows, malformed packets, and so forth. Http.sys also checks
with the file system on each request, and will discard any requests for pages
that don't exist. This helps defeat certain types of Denial of Service (DoS)
attacks, which request random, nonexistent pages from the Web server. Http.sys
can ignore these requests with relatively little effort, rather than passing
the request into user mode and forcing IIS to do something about it.
Worth Your While
From both an architecture, performance, and security standpoint, IIS 6 contains
a lot of new features and designs under the hood. While the MMC might not look
very different from prior versions of IIS, what's running on your 2003 servers
is a redesigned, rewritten version of IIS that's intended to address most of
the security, stability, and performance issues of prior versions. Upgrading
from IIS 5 is usually a piece of cake, and IIS 6 even offers a backwardly-compatible
"IIS 5 Process Isolation Mode" that forces IIS 6 to behave more like
IIS 5. This setting can help you migrate complex Web sites that rely on IIS
5's specific memory and process management techniques.
To me, IIS 6 is one of the "killer apps" that will help drive Win2003
upgrades. Any NT or 2000 Web servers you've got will benefit from a 2003 upgrade.
Microsoft even offers Windows Server 2003 Web Edition, which is a stripped-down
version of Windows intended primarily as a platform for Web servers. It's a
lower-cost version of Windows Server 2003 (the lowest, in fact) and gives you
everything that IIS 6 will become famous for.
|
