The Tasty Morsels Found In Dogfood… MSCOM OPS Top 10 Changes In IIS7.0



Dogfood….yummmm! Yes it is true, Microsoft.com has been running Beta 3 of Windows Server 2008 in production since June 12, 2007. What does that mean? 78 of 80 servers that host the www.microsoft.com website are running W2K8 Beta 3 and IIS7.0. Why only 78? We keep a couple of servers running our previous build of W2k3 and IIS6.0 as a reference. The move from W2K3 to W2K8 while very slick, is a topic for another blog. This is about the top 10 changes that we encountered in IIS7.0


 


1.     Simple, Configurable Command Line Setup


·         Install only the IIS components needed to run your site
Example:
start /w pkgmgr /l:log.etw /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-Security;IIS-ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI


2.     Great Compatibility Story


·         Most (99%+) ASP and ASP.NET applications just worked.


ü  One application encountered breaking change


ü  Handful of applications required config migration to run in Integrated
(We have about 260 applications running on www.microsoft.com as defined by IIS, there are thousands of pages of code that could have broken but didn’t.)


·         Integrated Pipeline is the new unified request processing pipeline. Benefits include:


ü  Allowing services provided by both native and managed modules to apply to all requests, regardless of handler. For example, managed Forms Authentication can be used for all content, including ASP pages, CGIs, and static files.


ü  Empowering ASP.NET components to provide functionality that was previously unavailable to them due to their placement in the server pipeline. For example, a managed module providing request rewriting functionality can rewrite the request prior to any server processing, including authentication, takes place.


ü  A single place to implement, configure, monitor and support server features. For example, single module and handler mapping configuration, single custom errors configuration, single url authorization configuration.


·         Classic ASP mode allows for easy app migration


ü  ASP.NET Setup provides a “Classic .NET AppPool”


ü  For more information on check out the article ASP.Net Integration With IIS7


·         Use AppCmd to migrate apps to Integrated mode


ü  %windir%\system32\inetsrv\APPCMD.EXE migrate config <Application Path>


ü  For more information about AppCmd.exe see Getting Started With AppCmd.exe


·         IIS 6.0 Metabase compatibility layer


ü  Allows you the run old ADSI scripts


ü  IIS6.0 Metabase Compatibility module must be installed


3.     No More Metabase! 


·         Clean clear-text schema


·         IIS settings stored in XML configuration file (applicationHost.config)


ü  Metabase exists for SMTP/NNTP/FTP only


·         Site-wide changes made easily


ü  Update central applicationHost.config and copy to all web servers


ü  Replaces our bulky ADSI based script solution for metabase changes


·         Microsoft.com considerations


ü  Careful copying to production servers under load:
(Know Thy Environment! When you push out a new applicationHost.config those affected worker process need to reload the new configuration. It comes down to the scope of the change. For example, if you are making a global change that that affectes all the worker processes, and you are heavily dependent on caching then you could cause some grief in your environment as those new configurations are reloaded by the worker processes.)


4.     Centralized Configuration


·         applicationHost.config stored on UNC share


·         Allows us to copy to two (maybe four) servers rather than 80


ü  Potential gotcha – managing password changes for account used to connect to config store
(This is because that currently you cannot use the UNC share that is running under the Network service, which we use heavily. It currently requires a domain account, which our security policy mandates a periodic password change.)


5.     Delegated Configuration


·         Admin can now delegate IIS settings to application owner


·         Settings defined in web.config file in application directory


·         Example of setting to delegate include:


ü     System.webServer section of applicationHost.config


ü     Caching,  defaultDocument, httpErrors, security


6.     AppCmd and Other New Management Options


·         Managing via the UI


ü  New modular, task-based look and feel


ü  Moving away from the right-click/properties paradigm


·         Managing via the Command Line


ü  AppCmd


§  Command line utility which replaces adsutil.vbs, iisapp.vbs, and others


§  Allows command line management of sites, applications, vdirs, apppools, modules, tracing, and more


ü  Powershell


§  IIS community creating IIS-specific Powershell cmdlets


·         MSCOM Considerations


ü  AppCmd limitations – no remote


ü  No IIS provider for Powershell


 


7.     Failed Request Tracing


·         Buffers the trace events for requests and flushes them to disk if they meet your failure criteria


·         Captures trace data while you’re sleeping


·         Very little perf impact when targeting failing requests


·         Quick test: Enabling tracing for all file extensions and errors results in approx 5% fewer requests/sec at full stress load (please don’t do this in production)


·         View Currently Executing Requests via AppCmd


ü  appcmd list requests (for all request)


ü  appcmd list requests /apppool.name:DefaultAppPool


REQUEST “3e00000080012675” (url:GET /casestudies/casestudy.aspx?casestudyid=201269, time:2954 msec, client:127.0.0.1)


·         New Task Scheduler


ü  Trigger tasks on events


8.     Request Filtering


·         No more URLScan


·         </requestFiltering> settings in applicationHost.config


·         Gotcha for Microsoft.com: If filename includes “+” then allowDoubleEscaping must be set to “true


ü  <requestFiltering allowDoubleEscaping=”true”>


·         Allow or disallow specific file extensions and verbs


ü  <add fileExtension=”.exe” allowed=”false” />


·         DenyURLSequences


ü  <add sequence=”./” />


ü  <add sequence=”/.” />


·         RequestLimits


ü  maxAllowedContentLength=”1000000“


ü  maxUrl=”260“


ü  maxQueryString=”2048″


9.     UNC Content


·         Simplified content synchronization


·         Reduced H/W footprint (potentially less cost)


ü  Common industry pain point


10.  Output Caching of Dynamic Content


·         Fewer off-box calls to backend dependencies


·         Significant performance gains


·         Simple WCAT (Web Capacity Analysis Tool) Stress Test against www.microsoft.com/en/us/default.aspx
Not appropriate for all applications (e.g. not effective for those with very personalized output)


 


Well that is our Top 10. We are making new discoveries every week and are looking forward to the next builds that we can update to. We are filing bugs when we find them and will continue to push information to the product teams and we will try and keep this blog updated as new, juicy morsels are discovered in the Dogfood.

Comments (45)

  1. Anonymous says:

    Learn how the Microsoft.com operations team meets the demands for one of the top 5 websites on the Internet today. The team supports the server product teams at Microsoft by "dogfooding" products such as Windows Server 2008, SQL Server 2008 and IIS7 years

  2. Anonymous says:

    Microsoft Ops posted an interesting blog about &quot;the top 10 changes that we encountered in IIS7.0&quot;:

  3. Anonymous says:

    Here is the latest in my link-listing series . Also check out my ASP.NET Tips, Tricks and Tutorials page

  4. Anonymous says:

    Here is the latest in my link-listing series . Also check out my ASP.NET Tips, Tricks and Tutorials page

  5. Anonymous says:

    Quick Links Security – Platforms – Internet – SQL Server – Unified Comms – Manageability The TRM blog…

  6. Anonymous says:

    I just ran across this post and had to share. The Microsoft.com team just posted the top 10 reasons they

  7. Anonymous says:

    Microsoft.com 从6月12日开始运行Windows Server 2008 Beta 3到现在已经有将近三个月了.微软Microsoft.com运营团队公布了他们部署IIS 7.0后的使用后感,其中十大改进当然是我们最关注的内容,一起来看看吧. 1. 更简便的命令行配置功能2. 更强的兼容性3. 抛弃MetaBase4. 集中管理5. 委任配置6. AppCmd 与其它新的管理手段7. 失败请求追踪8. 请求过滤9. UNC 内容支持10. 动态内容输出缓存 查看更多技术资料:The

  8. Anonymous says:

    The Microsoft Operations team gives a top ten list, explaining the best reasons why to move to IIS 7.0 (in Server 2008). This comes as part of Microsoft’s dog food policy where they make use of their technology before releasing it to the masses. Specifically,

  9. Anonymous says:

    Le cordonnier; qui n’a décidément peur de rien; a pris deux décisions importantes, la première utiliser

  10. Anonymous says:

    Le retour des équipes de Microsoft.com suite à la migration de 78 des 80 serveurs web sur Windows 2008

  11. Anonymous says:

    Here is the latest in my link-listing series . Also check out my ASP.NET Tips, Tricks and Tutorials page

  12. Anonymous says:

    I&#39;ve haven&#39;t had a chance to post much over the past few weeks – its pretty frustrating at times

  13. Anonymous says:

    狗粮。。。美味!是的,从6月12日起,Microsoft.com已经在Windows Server 2008 Beta 3上运行了3个月。这意味着,运营 http://www.microsoft.com 的80台服务器中的78台运行W2K8和IIS7

  14. Anonymous says:

    Here is the latest in my link-listing series . Also check out my ASP.NET Tips, Tricks and Tutorials page

  15. Anonymous says:

    One of the products that my team builds that I am most proud of is IIS 7. IIS 7 is a *major* update of

  16. Anonymous says:

    Un retour d’expérience sur une mise en production depuis la mi-juin 2007 sur 78 serveurs. Voici le lien:

  17. Anonymous says:

    Wow! Ok, jag lovar sista för nu 🙂 Men det här är grymt! Killarna och tjejerna som driftar http://www.microsoft.com

  18. Anonymous says:

    News BizTalk Server BizTalk Server Database Optimization http://msdn2.microsoft.com/en-us/library/bb743398.aspx

  19. Anonymous says:

    One of the products that my team builds that I am most proud of is IIS 7. IIS 7 is a *major* update of

  20. Anonymous says:

    Thanks to Ian (you know who you are) for pointing me to the Microsoft.com Operations team blog – specifically

  21. Anonymous says:

    Last Thursday we delivered a day briefing on developing server applications with IIS7, WCF, WF, MSMQ

  22. Anonymous says:

    Has there been a performance increase with moving to IIS 7?  Is there a stability issue with IIS 7 under http://www.microsoft.com demanding environment?

  23. Anonymous says:

    As far as a performance increase with IIS7.0, we haven’t seen one nor did we expect one as the Beta 3 release was a functionality release as opposed to a performance release. We also did not see see any performance degredation by going IIS7.0, it was on par with what we were seeing in IIS6.0. This is also a very stable build, otherwise we would not be running it as widely as we are in production.

  24. Anonymous says:

    Here is the latest in my link-listing series . Also check out my ASP.NET Tips, Tricks and Tutorials page

  25. Anonymous says:

    One of the products that my team builds that I am most proud of is IIS 7. IIS 7 is a *major* update of

  26. Anonymous says:

    狗粮。。。美味!是的,从6月12日起,Microsoft.com已经在Windows Server 2008 Beta 3上运行了3个月。这意味着,运营 http://www.microsoft.com 的80台服务器中的78台运行W2K8和IIS7.0。为什么

  27. Anonymous says:

    I just ran across this post and had to share. The Microsoft.com team just posted the top 10 reasons they

  28. Anonymous says:

    This information comes from the Technical Rollup Mail blog which can be found here http://blogs.technet

  29. Anonymous says:

    September 16th Links: ASP.NET, ASP.NET AJAX, IIS7, Visual Studio, Silverlight

  30. Anonymous says:

    Le retour des équipes de Microsoft.com suite à la migration de 78 des 80 serveurs web sur Windows 2008

  31. Anonymous says:

    I alway like to pick the brains of the people deploying new versions of technologies because you learn the pain points and typically what you gain from a new revision of a software package. It is also the same reason I jump in early on any beta product

  32. Anonymous says:

    Tony,

    There is still no IIS provider for Windows Powershell, so there isn’t much we can do in terms of IIS configuration out of the box.  Still no word on when it will be available, only that it will be available at some point.  However, we do use Powershell for our IIS 7 testing, wrapping it around our Tinyget and WCAT log playback, and we’ll be writing more cmdlets for other tasks in the near future.

  33. Anonymous says:

    One of the products that my team builds that I am most proud of is IIS 7. IIS 7 is a *major* update of

  34. Anonymous says:

    We are not running any CGI applications, only .Net with a couple of asp classic apps still kicking around.

  35. Anonymous says:

    One of the products that my team builds that I am most proud of is IIS 7. IIS 7 is a *major* update of

  36. Anonymous says:

    One of the products that my team builds that I am most proud of is IIS 7. IIS 7 is a *major* update of

  37. Anonymous says:

    Scott, great question that deserves clarification (and I have editied the blog to help clarify). Sure, first of all, app pools will not "recycle" (bad choice of words on our part), but rather those worker processes need to reload configuration.  That is where the performance hit comes from.  In cases where we push changes specific to just one app, or even a few that span several application pools, the performance hit isn’t too bad.  We can push such changes while the server is under production load.  However, when we make a global change such as adding a new module that impacts all application pools, the performance impact is such that we could see some timeouts and/or request queuing (due to the sustained 100% CPU as the new config is loaded into every worker process).

    Thanks for your comment!!

  38. Anonymous says:

    On Wednesday delivered a day briefing on developing server applications with IIS7, WCF, WF, MSMQ as well

  39. Anonymous says:

    Here is a great post that explains the top 10 items of IIS7 and how it is working with Microsoft.com

  40. Kiruthik says:

    Are you guys running any CGI applications and did that got into that 78 ??

  41. Elan Hasson says:

    All of these features look VERY cool. I can’t wait to use these in production.

  42. denni says:

    Too bad there is still no built-in url rewriting function.

  43. Scott says:

    I have a question regarding your comment about pushing applicationHost.config to your servers.  You said this:

    "When you push out a new applicationHost.config your app pools and applications will be recycled"

    Most changes to applicationHost.config will not cause the recycles that machine.config and web.config do.  I’m curious as to which changes caused this.  Is this because you made changes to the sites or applications, or did just some small changes cause that to happen?  What type of changes caused the recycles?

  44. Scott says:

    Thanks (MSCOM)!  That makes sense then, a global change like new modules would do that which explains the reason why you get the appdomain recycles.  I wanted to confirm what type of things that you saw that for.

    Great blog post btw!  Thanks for taking the time and making this information available.

  45. Tony W. says:

    With IIS-7’s great "compatibility story," what is the reasoning behind using the "appcmd" utility rather than going with PowerShell like many (most?) other Microsoft products are doing?

    Wouldn’t there be an advantage to leveraging the PowerShell syntax toward IIS configuration?