Web303

Post on 30-Nov-2014


Transcript of Web303

Administering Sites That Scale Using Internet Information Services (IIS) 7.5, ARR and URL Rewrite
Scott Forsyth
Senior Systems Architect
OrcsWeb, Inc
weblogs.asp.net/owscott
scott@vaasnet.com

SESSION CODE: WEB303

Web farms of the past tended to be … Complex

Web farms of the past tended to be … Expensive (up-front plus annual support contracts)

Web farms of the past tended to be … Fully or semi black-boxed. Difficult to customize or extend.

With IIS 7.5, Web Farms can be … Easier (more approachable)

With IIS 7.5, Web Farms can be … Affordable, both up-front and annually

With IIS 7.5, Web Farms can be … Configurable

With IIS 7.5, Web Farms can be … Highly Scalable

Learning the Tools of the Trade: Today’s Roadmap

Web Nodes – Syncing the Web Servers
Load Balancing – ARR
URL Rewrite – Directing Traffic

What is a Web Farm?

Part 1 – Syncing the Web Servers

Web Content: Keeping the Data in Sync

Local vs. SMB vs. SAN
Local = Disk IO distributed, but so is content size
SMB = Still need to replicate for redundancy
SAN = NTFS doesn’t support multi-access. Consider MelioFS from Sanbolic

Replication via DFS-R, Robocopy, 3rd party tools
‘Write’ content has good chance of locks. Move dynamic content to database.

IIS Shared Config: Keeping IIS in Sync

No ACLs or per-server information to worry about
Environment variables supported
Use shared location (i.e. UNC) or replicated config
Encryption key only needed once per joined server
Local = no u/p required. Remote = custom permissions
Turn off during software installs. Rolling upgrades.

Session State: Keeping Session Data in Sync

InProc - Fast but localized per web server
StateServer - Shared but not redundant and doesn’t scale
SqlServer - Shared. Higher latency but will scale. Onus on you for redundancy
AppFabric Caching - Still in beta. Holds good potential. SessionStoreProvider
Third Party Options - ScaleOut StateServer, NCache (Alachisoft)

Certs; GAC; COM+: Keeping the Rest in Sync

Sync manually on a small server farm – document well
WebDeploy for full synchronization
  Command line tool
  Takes some learning but has a lot of flexibility

ASP.NET MachineKey should be specifically set at server or site level
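What an explicitly set MachineKey looks like next to the default, as an added example that is not from the original slides. The key values are placeholders, and the HMACSHA256/AES choice assumes ASP.NET 4.0 on the nodes.

```xml
<!-- web.config (server or site level), identical on every web node; added example -->
<configuration>
  <system.web>
    <!-- Default behaviour: each server generates its own keys, so ViewState and
         forms authentication tickets issued by one node fail validation on another:
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
    -->
    <!-- Farm setting: the same explicit keys on all nodes. The values below are
         placeholders; generate random keys and protect them like any other secret. -->
    <machineKey validationKey="REPLACE_WITH_RANDOM_HEX_VALIDATION_KEY"
                decryptionKey="REPLACE_WITH_RANDOM_HEX_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
```

Anyone who obtains these keys can forge ViewState and authentication tickets for the whole farm, so restrict read access to the file that holds them.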

Part 2 – Load Balancing - ARR

Load Balancing: Introducing ARR

Managed with IIS7 Manager
Tiny footprint
Extremely efficient and scalable

ARR 2.0 + URL Rewrite 2.0
IIS 7.x
Windows Server 2008 (R2)

ARR Offers …: Core Features

Load Balancing Algorithms
Health Checks
Caching (in-memory or on disk)
Client affinity / sticky sessions
Server affinity – primarily for bulk hosting
SSL Offloading

Three Touch-Points: Path Through IIS

#1 Website
#2 URL Rewrite Rule
#3 ARR Server Farm
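How the three touch-points appear in applicationHost.config on the ARR server, as an added example that is not from the original slides. The site name, the farm name Site1Farm, the node addresses and the health-check URL are assumptions; the rule forwards over http://, which corresponds to SSL offloading.

```xml
<!-- applicationHost.config fragment on the ARR server; added example, names are assumptions -->
<configuration>
  <system.applicationHost>
    <sites>
      <!-- #1 Website: the site on the ARR server that receives the public request
           (application and virtualDirectory elements omitted from this fragment) -->
      <site name="ArrFrontEnd" id="1">
        <bindings>
          <binding protocol="http" bindingInformation="*:80:www.site1.com" />
        </bindings>
      </site>
    </sites>
  </system.applicationHost>
  <system.webServer>
    <rewrite>
      <globalRules>
        <!-- #2 URL Rewrite rule: hand every request to the farm; {R:0} is the matched URL -->
        <rule name="ARR_Site1Farm_loadbalance" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <action type="Rewrite" url="http://Site1Farm/{R:0}" />
        </rule>
      </globalRules>
    </rewrite>
  </system.webServer>
  <!-- #3 ARR server farm: members, health check, algorithm, client affinity -->
  <webFarms>
    <webFarm name="Site1Farm" enabled="true">
      <server address="web1.example.internal" enabled="true" />
      <server address="web2.example.internal" enabled="true" />
      <applicationRequestRouting>
        <healthCheck url="http://www.site1.com/health.aspx" interval="00:00:10" responseMatch="OK" />
        <loadBalancing algorithm="WeightedRoundRobin" />
        <affinity useCookie="true" />
      </applicationRequestRouting>
    </webFarm>
  </webFarms>
</configuration>
```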

IIS Bindings Through the Proxy

ARR Servers (IP=206.72.119.69) Web Servers

Host Header               | IP Address    | Port
www.site1.com             | 71.75.85.45   | 80/443
www.site1.com (untouched) | 206.72.119.69 | 80 (you set)

SSL Offloading: Freeing the Web Servers

Optionally Terminate SSL at ARR (on by default)
Moves SSL processing off the web boxes
Easier config on web nodes – only bind to HTTP
Considerations:
  ARR cannot pass-through SSL
  If no SSL Offloading, it decrypts+re-encrypts at ARR
  Certs maintained on ARR boxes
  Ensure switched or trusted network to Web nodes

502.3/502.4 Errors: Handling Errors Gracefully

Customizable – IIS Error Pages
Planned and unplanned “Down for maintenance” pages
502.3 = WinHttp Operation Cancelled – usually means a timeout
502.4 = Bad Gateway – no available healthy servers

Overcoming the Proxy Effect: Hiding the Middle-Man

ARR Helper: http://tinyurl.com/arrhelper

Port/IP related
  REMOTE_ADDR, REMOTE_HOST, REMOTE_PORT, SERVER_PORT

SSL related
  HTTPS, CERT_SERVER_ISSUER, CERT_SERVER_SUBJECT, CERT_KEYSIZE, CERT_SECRETKEYSIZE, HTTPS_* (same as CERT_*)

ARR creates
  HTTP_X_FORWARDED_FOR, HTTP_X_ORIGINAL_URL, HTTP_X_ARR_SSL

You can completely fool the web servers into thinking it’s a direct request

High Availability for the Load Balancer: Even a Load Balancer Can Fail

HA Options
  Hardware Load Balancer
  Network Load Balancer (NLB)
  Windows Clustering (requires Windows Enterprise+ Edition)

Replicate IIS Config – Shared Configuration
Replicate SSL Certs – WebDeploy

Part 3 – URL Rewrite – Directing Traffic

URL Rewrite: Endless Options

Rewrite/redirect…
By IP Address
By URL or Querystring
By Browser Agent
List of URL Mappings
Any Server Variable

URL Rewrite: ‘Compare’ Options

Regular Expressions – full flexibility, but requires knowing some Regex
Wildcards – easy to use, but minimal flexibility
Exact Match – dead easy, no flexibility
Rewrite Maps

9 Things You Should Know About RegEx: URL Rewrite’s Powerful Syntax

^ to Start; $ to End
. (dot) for any single char (not line break characters \r and \n)
\ to escape special characters
* to repeat 0 to ~; + to repeat 1 to ~
| for “or”
? for optional
() to create sections for back references or decisions
[] for character class
{R:0} {C:0} are url and condition references (URL Rewrite)

URL Rewrite URL Parts: Common Server Variables

http://www.bing.com/search?q=IIS+url+rewrite
http(s)://<host>:<port>/<path>?<querystring>

<host> HTTP_HOST

www.bing.com
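A rule that puts the regex syntax, the {R:n}/{C:n} references and the ARR-created HTTP_X_ARR_SSL variable together, as an added example that is not from the original slides. It assumes SSL offloading at ARR, a web.config on a web node, a hypothetical /health.aspx health-check path, and that site1.com without www is also served.

```xml
<!-- web.config on a web node behind ARR with SSL offloading; added example -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="RequireHttpsBehindArr" stopProcessing="true">
          <!-- ^ and $ anchor the match; () captures the whole path as {R:1} -->
          <match url="^(.*)$" />
          <conditions>
            <!-- Leave the load balancer's health check alone (path is an assumption) -->
            <add input="{URL}" pattern="^/health\.aspx$" negate="true" />
            <!-- Empty X-ARR-SSL: the request did not arrive at ARR over SSL -->
            <add input="{HTTP_X_ARR_SSL}" pattern="^$" />
            <!-- Allow-list the host: \. escapes the dot, ? makes "www." optional.
                 {C:1} is taken from the last matched condition, so this one stays last. -->
            <add input="{HTTP_HOST}" pattern="^((www\.)?site1\.com)$" />
          </conditions>
          <!-- Redirect target is built only from the allow-listed host and the captured path -->
          <action type="Redirect" url="https://{C:1}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The rule can only be relied on when the web nodes accept traffic from the ARR servers alone, because a client that reaches a node directly can send X-ARR-SSL and Host values of its own choosing.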

Two Useful Scripts (VB.NET)

ServerVars.aspx (shows all Server Variables)

    <%
    ' Values include client-supplied headers, so HTML-encode them before output
    For Each var As String In Request.ServerVariables
        Response.Write(Server.HtmlEncode(var & " " & Request.ServerVariables(var)) & "<br>")
    Next
    %>

Node.aspx (machine name of web node)

    <% Response.Write(System.Environment.MachineName) %>

Review: Approachable, Affordable, Configurable and Scalable

Web Servers – Mature and accessible tools to keep them in sync
ARR – Load balanced and cached on the front end
URL Rewrite – Virtually unlimited rewrite options


JUNE 7-10, 2010 | NEW ORLEANS, LA