Internet Information Services Process Model

8/14/2019 Internet Information Services Process Model

1/19

Internet InformationInternet Information

Services Process ModelServices Process Model

Chris AdamsChris AdamsIIS Technical Lead WAIIS Technical Lead WA

Microsoft CorporationMicrosoft Corporation


2/19

2

WebCast TopicsWebCast TopicsProcess ModelProcess Model

IIS 4.0IIS 4.0In-ProcessIn-Process

BenefitsBenefits

DrawbacksDrawbacks

Isolation (Separate Memory Space)Isolation (Separate Memory Space)

BenefitsBenefits

Transaction ServerTransaction Server

IntegrationIntegration Advanced SecurityAdvanced Security

DrawbacksDrawbacks

PerformancePerformance

Hardware ConsiderationsHardware Considerations

IIS 5.0IIS 5.0In-Process (inetinfo)In-Process (inetinfo)

Medium (Pooled)Medium (Pooled)

BenefitsBenefits

Application IsolationApplication Isolation

StabilityStability

Isolation (Separate MemoryIsolation (Separate MemorySpace)Space)

ASP.NET and IIS 5.0ASP.NET and IIS 5.0

Service Accounts and IISService Accounts and IIS

In-ProcessIn-Process

System AccountSystem AccountConfigurable?Configurable?

Out of ProcessOut of Process

Component ServicesComponent ServicesIntegrationIntegration

Configurable IdentityConfigurable Identity

Performance LossPerformance Loss

Considerations: InProc vs. OOPConsiderations: InProc vs. OOP


3/19

3

IIS 4.0 Process Model: ModesIIS 4.0 Process Model: Modes

Microsoft IIS 4.0Microsoft IIS 4.0

(Windows NT(Windows NTOption Pack)Option Pack) Two modesTwo modes

In-processIn-p

rocess

(Inetinfo.exe)(Inetinfo.exe) Out-of-processOut-of-p

rocess(Mtx.exe)(Mtx.exe)

The example showsa site running in-process. If selected,the site or virtualdirectory would bechecked.


4/19

4

IIS 4.0 Process Model: In-ProcessIIS 4.0 Process Model: In-Process

BenefitsBenefits Performance is fastPerformance is fast

Less variables to breakLess variables to break

DrawbacksDrawbacks

InetInfo service isInetInfo service isvulnerable tovulnerable tounexpected shutdownunexpected shutdown

Example shows a siterunning out of process ina process named "MTX".


5/19

5

In-Process ModelIn-Process Model

Internetclients

Internetclients

IIS 4.0 Server

One process: InetInfo

1

23

InetInfo: W3SVC MSFTPSVC SMTPSVC NNTPSVC

Metabase: Loaded here

ISAPI Filters: Loaded here

In-proc ISAPI handling

InetInfo: W3SVC MSFTPSVC SMTPSVC NNTPSVC

Metabase: Loaded here

ISAPI Filters: Loaded here

In-proc ISAPI handling


6/19

6

IIS 4.0 Process Model: IsolationIIS 4.0 Process Model: Isolation

Integration with MTSIntegration with MTS BenefitsBenefits

Permits granular isolation from the site to thePermits granular isolation from the site to thevirtual directory levelvirtual directory level

Runs as isolated individual process called MTXRuns as isolated individual process called MTX

DrawbacksDrawbacks

PerformancePerformance

Process delays between InetInfo and MTXProcess delays between InetInfo and MTX WAMWAM

Maps requests to low or high isolationMaps requests to low or high isolation


7/19

7

Out-of-Process CostsOut-of-Process Costs

Internetclients

Internetclients

IIS 4.0/5.0 Server

Get

Default.asp

Metabase lookupISAPI processing

Note: Both InetInfo and MTX are running on the same machine, and costs come in

the form of CPU cycles needed to switch from the InetInfo context to the MTX

context and back.

1

2

3

4

5

InetInfoprocess

InetInfoprocess

MTXprocess

MTXprocess


8/19

8

Out-of-Process Entire CostsOut-of-Process Entire Costs

Internetclients

Internetclients

IIS 4.0/5.0 Server

Get

Default.asp

Metabase lookupISAPI processing

Inter-

ProcessCall whichisexpensiveon CPU

Note: Both InetInfo and MTX are running on the same computer, and costs come in

the form of CPU cycles needed to switch from the InetInfo context to the MTX

context and back.

MTXprocess

MTXprocess

InetInfoprocess

InetInfoprocess


9/19

9

Process Model IIS 5.0Process Model IIS 5.0 Three modes:Three modes:

Low (IIS process)Low (IIS process) Medium (pooled)Medium (pooled)

High (isolated)High (isolated)

Low:Low: Process runs totallyProcess runs totally

under identity ofunder identity ofsystem accountsystem account

Excellent forExcellent for

troubleshooting IIS totroubleshooting IIS toCOM errorsCOM errors

Isolated processes:Isolated processes:uses COMuses COM

Out of sync problemsOut of sync problems


10/19

10

COM+ IntegrationCOM+ Integration

InternalsInternals ASP thread pool (uses COM+ STA thread pool)ASP thread pool (uses COM+ STA thread pool)

ASP transactions (IIS utilities COM+ application)ASP transactions (IIS utilities COM+ application)

Out-of-process (medium or high):Out-of-process (medium or high): Process isolation for ISAPIProcess isolation for ISAPI

By default, during installation, IIS creates threeBy default, during installation, IIS creates three

packagespackages By default, processes created by IIS are run underBy default, processes created by IIS are run under

the identity of IWAM_MachineNamethe identity of IWAM_MachineName

User identity is configurableUser identity is configurable


11/19

11

This is a screen shot of the

component services. With alldefault installations of IIS 5.0,three applications are created:

IIS InProc AppsIIS Out-of-process PooledIIS Utilities

Component Services DefaultComponent Services DefaultScreen ShotScreen Shot


12/19

12

Clicking identityexposes the useraccount being usedto run the process

To run without error,the user identifiedhere needs thefollowing minimiummachinepermissions: Log on locallyLog on locally Access thisAccess this

computer fromcomputer fromthe networkthe network

Log on as aLog on as abatch obbatch ob

Out-of-Process ApplicationOut-of-Process ApplicationProperties Default Screen ShotProperties Default Screen Shot


13/19

13

The configuration forthe IIS out-of-processpooled process isobtained by right-

clicking and selectingproperties from thecontext menu

The Identity tab iswhere the process(dllhost) serviceaccount is configuredto run; in the case ofIIS, this is the IWAM

account

Is stored in the metabase

Identity Configuration ScreenIdentity Configuration ScreenShotShot


14/19

14

IIS stores the identity information that is to be used in themetabase

This information can be obtained using the ADSUtil or MetaEditutilities

By default, the password is secured by the ADSUtil utility and

MetaEdit

Metabase Stored Data Screen ShotMetabase Stored Data Screen Shot

Metabase Information Stored onCOM+ Identity


15/19

15

ASP.NET and IIS 5.0ASP.NET and IIS 5.0

IIS in-process ISAPI applicationsIIS in-process ISAPI applications Handled directly by InetInfoHandled directly by InetInfo How does this differ from default handling?How does this differ from default handling?

Inetinfo routes directly to ASPNET_WP.exeInetinfo routes directly to ASPNET_WP.exe

Is ASP.NET an in-process or out-of-proc ISAPI?Is ASP.NET an in-process or out-of-proc ISAPI? An In-Proc ISAPI ApplicationAn In-Proc ISAPI Application

Is classic ASP an in-process ISAPI?Is classic ASP an in-process ISAPI? ASP ISAPI can run either InProc or OOPASP ISAPI can run either InProc or OOP

If it is an in-process account, what account is the ISAPIIf it is an in-process account, what account is the ISAPI

running under?running under? ASPNET User created during ASP.NET FrameworkASPNET User created during ASP.NET FrameworkInstallInstall

Why is this important?Why is this important? To understand what is loaded and running in the InetInfoTo understand what is loaded and running in the InetInfo

processprocess

Default in-process ISAPIsDefault in-process ISAPIs


16/19

16

ASP.NET and IIS 5.0ASP.NET and IIS 5.0 (2)(2)


17/19

17

Process ConsiderationsProcess Considerations

In-process is sufficient to use:In-process is sufficient to use: When hardware limitations restrict the system from havingWhen hardware limitations restrict the system from having

good performance running out-of-processgood performance running out-of-process

On IIS 4.0, only when application code or third-party codeOn IIS 4.0, only when application code or third-party codehas been thoroughly tested!has been thoroughly tested!

On IIS 5.0On IIS 5.0 With enough power, most applications should stay in theWith enough power, most applications should stay in the

medium-pooled processmedium-pooled process

Keep in mind that making one call to one DLLHost isKeep in mind that making one call to one DLLHost isbetter than one DLLHost calling another, and anotherbetter than one DLLHost calling another, and another

When errors are occurring on the serverWhen errors are occurring on the server It is frequently a good idea to isolate the problem to IISIt is frequently a good idea to isolate the problem to IIS

or COM by moving the site/virtual directory in- or out-of-or COM by moving the site/virtual directory in- or out-of-processprocess

If breaking while InProc, take out-of-processIf breaking while InProc, take out-of-process

If breaking while out-of-process, move InProcIf breaking while out-of-process, move InProc


18/19

18

Process ConsiderationsProcess Considerations (2)(2)

Out-of-process should be used:Out-of-process should be used: To isolate known problematic codeTo isolate known problematic code

On IIS 5.0On IIS 5.0

Only isolate high volume using high isolatedOnly isolate high volume using high isolated Leave most sites running in pooled memory spaceLeave most sites running in pooled memory space

On IIS 4.0On IIS 4.0

Troubleshooting or high volume sites are typically theTroubleshooting or high volume sites are typically theonly reason to run in high isolationonly reason to run in high isolation


19/19

Thank you for joining us for todays Microsoft SupportThank you for joining us for todays Microsoft Support

WebCast.WebCast.

For information about all upcoming Support WebCastsFor information about all upcoming Support WebCasts

and access to the archived content (streaming mediaand access to the archived content (streaming media

files, PowerPointfiles, PowerPointslides, and transcripts), please visit:slides, and transcripts), please visit:

http://http://support.microsoft.com/webcastssupport.microsoft.com/webcasts//

We sincerely appreciate your feedback. Please send anyWe sincerely appreciate your feedback. Please send any

comments or suggestions regarding the Supportcomments or suggestions regarding the Support

WebCasts toWebCasts to [email protected]@microsoft.com..
http://support.microsoft.com/webcasts/http://support.microsoft.com/webcasts/http://support.microsoft.com/webcasts/http://support.microsoft.com/webcasts/http://support.microsoft.com/webcasts/http://support.microsoft.com/webcasts/mailto:[email protected]:[email protected]:[email protected]://support.microsoft.com/webcasts/http://support.microsoft.com/webcasts/http://support.microsoft.com/webcasts/

Internet Information Services Process Model

Documents

Transcript of Internet Information Services Process Model