IIS/ASP.NET Best Practices

1
IIS/ASP.NET Best Practices

• Clint Edmonson
• Architect Evangelist
• Microsoft Corporation

2
Advice for IT Pros...

• Offer a menu of server configurations to
  developers (and create using separate app pools)
• Provide a copy of server's ASP.NET config files
  to developers
• Require a load test before allowing apps into
  production (at least the home page)
• Implement a server change request and tracking
  system
• Don't allow developer access to production
  servers

3
Advice for Architects...

• Use an n-tiered architecture (e.g. web tier,
  service tier, and database tier)
• Keep your UIs dumb
• Develop a set of shared enterprise components
  services
• Security (Authorization, Authentication)
• Event Logging Notification
• Database Location Access
• Service Location Access
• Encryption

4
Advice for Developers...

• Don't hard code IP addresses, use DNS names
• Assume your app will be running in a web farm
• Assume you'll be sharing resources with other
  web apps
• Assume your app will be restarted on a regular
  basis
• Minimize your web.config complexity

5
IIS/ASP.NET Best Practices

• Shawn Travers
• IT Pro Evangelist
• Microsoft Corporation
• http//blogs.technet.com/shawnt

6
IIS7 Modularity
7
Default Install Static Content only
8
ASP.NET Install
9
IIS7 Security

• Architecture changes
• Componentization
• Componentization reduces attack surface and
  allows for server hardening according to
  business needs
• Built-in accounts and groups
• SID injections for IIS_IUSRS group and worker
  process to help with site migration without
  security compromise
• Application Pool Isolation by default
• New security management features for IT Pros
• Request Filtering rules
• URL Authorization rules
• Secure remote management via HTTPS
• Allow fine-grained control over feature
  delegation to non-web server administrators

10
XML Config Files Replace Metabase

• Difficult to manage
• Difficult to replicate
• Machine-level depository
• Requires direct server access

• Decentralized
• Text based
• Scriptable
• Extensible
• Understandable
• Easy to deploy
• Easy to delegate

11
Hierarchy of Configuration Files
Applications
Sites
Virtual Directories
12
Deploying Datacenters and Hosts

• Minimum Install by Default
• XCopy Deployment
• Built-in User Accounts
• Shared Hosting

13
IIS 7.0 Modules Overview

• Install a module on the server (native modules
  only)
• Enable the module in an application

• Manually edit the configuration store
• Use IIS Manager or appcmd.exe

• Use only the modules you need
• Replace core server modules with custom modules

14
IIS 7.0 Architecture Changes
15
Web Server Network Traffic
Connection Type Connection Speed 5KB Pages per Second
PPP/SLIP via modem 28.8 Kbps About half of 1 page
Frame Relay/fast modem 56 Kbps Almost 1 page
ISDN 128 Kbps Just over 2 pages
Typical DSL 640 Kbps Almost 11 pages
DS1/T1 1.536 Mbps 26 pages
10-megabit Ethernet 8 Mbps (best case) (Up to) 136 pages
DS3/T3 44.736 Mbps 760 pages
OC1 51.844 Mbps 880 pages
100-megabit Ethernet 80 Mbps (best case) (Up to) 1,360 pages
OC3 155.532 Mbps 2,650 pages
OC12 622.128 Mbps 10,580 pages
1-gigabit/sec Ethernet 800 Mbps (best case) (Up to) 13,600 pages
Traffic Type Bytes Sent
TCP connection 180 (approx.)
GET request 256 (approx.)
5-KB file 5,120
Protocol overhead 1,364 (approx.)
Total 6,920 (55,360 bits)
16
Tuning the Network for IIS
17
Performance Tuning Best Practices
18
ASP.NET Tips and Tricks
19
Remote Storage and Performance
20
Monitoring Performance
Automatic Failed Request Tracing
Reliability and PerformanceMonitor
NetworkMonitor
21
IIS7 Performance Improvements

• Microsoft.com sees a 10 performance improvement
  overall
• More powerful compression
• For static and dynamic content
• Default Document optimization
• Output Caching
• Per URL, query string and/or request headers
• APIs for putting responses in the output cache
• Kernel mode SSL and Windows authentication
• Performance improvements
• Improved Scalability
• Host thousands of sites for multi-tenancy
  scenarios
• FastCGI
• Great way to run PHP on IIS

22
Performance Best Practices

• Enable Output Caching for semi-dynamic pages
• Low bandwidth Branch Offices?
• Enable Dynamic Compression ( 5 CPU overhead)
• Need to run many web apps on a single box?
• Run IIS worker processes in Wow64 mode
• Room for the OS, scalability for your web apps
• Its an per-AppPool setting now
  Enable32BitAppOnWow64
• Thinking about buying new Web Server hardware?
• W2K8 scales extremely well on new multi-proc
  boxes (4 and 8 core)
• ASP.NET op caching vs. IIS op caching vs. KM
  output caching

23
Performance Best Practices

• 1000s of requests per second?
• Remove modules you dont need
• You dont know why some pages are so slow?
• Turn on Failed Request Tracing and the
  time-taken feature to investigate
• You script-mapped all requests to ASP.NET in
  IIS6?
• Integrated Pipeline is much faster than an IIS6
  scriptmap solution
• Try together with IIS7 URL Authorization.

24
Performance Best Practices

• PHP applications?
• PHP on top of FastCGI is much faster than
  traditional CGI
• The majority of your requests go to your Default
  Document?
• Put it on top of the list
• Otherwise IIS7 has to check every time
• Static default documents will be cached in
  kernel-mode
• Looking for tools to measures web server
  performance?
• Try WCAT 6.3 from www.iis.net/downloads

25
IIS Summary

• Better compression for static and dynamic
  content, as well as output caching
• Kernel-mode improvements
• Security by default with application isolation
  and built-in accounts and groups
• Best practices for IT pros like putting default
  documents at the top of the list
• Improved scalability for multi-tenancy scenarios
  (high site density)
• Improved support for application frameworks like
  PHP and Python with FastCGI

26
TechNet Plus
TechNet Plus is an essential premium web-enabled
and live support resource that provides IT
Professionals with fast and easy access to
Microsoft experts, software and technical
information, enhancing IT productivity, control
and planning.
Evaluate Learn
Plan Deploy
Support Maintain

• Evaluate full versions of all Microsoft
  commercial software for evaluationwithout time
  limits. This includes all client, server and
  Office applications.
• Try out all the latest betas before public
  release
• Keep your skills current with select Microsoft
  E-Learning courses free each quarter

• Use the TechNet Library to plan for deployment
  using the Knowledge Base, resource kits, and
  technical training
• Use exclusive tools like System Center Capacity
  Planner to accurately plan for and deploy
  Exchange Server and System Center Operations
  Manager
• Stay informed with your free subscription to
  TechNet Magazine.

• 2 complimentary Professional Support incidents
  for use 24/7 (20 discount on additional
  incidents)
• Access over 100 managed newsgroups and get next
  business day response--guaranteed
• Use the TechNet Library to maintain your IT
  environment with security updates, service packs
  and utilities

Get all these resources and more with a TechNet
Plus subscription. For more information visit
technet.microsoft.com/subscriptions
CODE TMSAM12