Internet Information Services Process Model Chris Adams IIS Technical Lead WA Microsoft Corporation

1
Internet Information Services Process Model
Chris AdamsIIS Technical Lead WA Microsoft
Corporation
2
WebCast TopicsProcess Model

• IIS 4.0
• In-Process
• Benefits
• Drawbacks
• Isolation (Separate Memory Space)
• Benefits
• Transaction Server Integration
• Advanced Security
• Drawbacks
• Performance
• Hardware Considerations

• IIS 5.0
• In-Process (inetinfo)
• Medium (Pooled)
• Benefits
• Application Isolation
• Stability
• Isolation (Separate Memory Space)
• ASP.NET and IIS 5.0
• Service Accounts and IIS
• In-Process
• System Account
• Configurable?
• Out of Process
• Component Services Integration
• Configurable Identity
• Performance Loss
• Considerations InProc vs. OOP

3
IIS 4.0 Process Model Modes

• Microsoft IIS 4.0 (Windows NT Option Pack)
• Two modes
• In-process (Inetinfo.exe)
• Out-of-process (Mtx.exe)

The example shows a site running in-process. If
selected, the site or virtual directory would be
checked.
4
IIS 4.0 Process Model In-Process

• Benefits
• Performance is fast
• Less variables to break
• Drawbacks
• InetInfo service is vulnerable to unexpected
  shutdown

Example shows a site running out of process in a
process named "MTX".
5
In-Process Model
Internet clients

• InetInfo
• W3SVC
• MSFTPSVC
• SMTPSVC
• NNTPSVC
• Metabase Loaded here
• ISAPI Filters Loaded here
• In-proc ISAPI handling

1
2
3
IIS 4.0 Server
One process InetInfo
6
IIS 4.0 Process Model Isolation

• Integration with MTS
• Benefits
• Permits granular isolation from the site to the
  virtual directory level
• Runs as isolated individual process called MTX
• Drawbacks
• Performance
• Process delays between InetInfo and MTX
• WAM
• Maps requests to low or high isolation

7
Out-of-Process Costs
5
Get Default.asp
Internet clients
MTX process
1
4
Metabase lookup ISAPI processing
2
InetInfo process
3
IIS 4.0/5.0 Server
Note Both InetInfo and MTX are running on the
same machine, and costs come in the form of CPU
cycles needed to switch from the InetInfo context
to the MTX context and back.
8
Out-of-Process Entire Costs
Get Default.asp
Internet clients
MTX process
Inter-Process Call which is expensive on CPU
Metabase lookup ISAPI processing
InetInfo process
IIS 4.0/5.0 Server
Note Both InetInfo and MTX are running on the
same computer, and costs come in the form of CPU
cycles needed to switch from the InetInfo context
to the MTX context and back.
9
Process Model IIS 5.0

• Three modes
• Low (IIS process)
• Medium (pooled)
• High (isolated)
• Low
• Process runs totally under identity of system
  account
• Excellent for troubleshooting IIS to COM errors
• Isolated processes uses COM
• Out of sync problems

10
COM Integration

• Internals
• ASP thread pool (uses COM STA thread pool)
• ASP transactions (IIS utilities COM
  application)
• Out-of-process (medium or high)
• Process isolation for ISAPI
• By default, during installation, IIS creates
  three packages
• By default, processes created by IIS are run
  under the identity of IWAM_MachineName
• User identity is configurable

11
Component Services Default Screen Shot
This is a screen shot of the component services.
With all default installations of IIS 5.0, three
applications are created IIS InProc Apps IIS
Out-of-process Pooled IIS Utilities
12
Out-of-Process Application Properties Default
Screen Shot

• Clicking identity exposes the user account being
  used to run the process
• To run without error, the user identified here
  needs the following minimium machine permissions
• Log on locally
• Access this computer from the network
• Log on as a batch job

13
Identity Configuration Screen Shot

• The configuration for the IIS out-of-process
  pooled process is obtained by right-clicking and
  selecting properties from the context menu
• The Identity tab is where the process (dllhost)
  service account is configured to run in the case
  of IIS, this is the IWAM account

Is stored in the metabase
14
Metabase Stored Data Screen Shot
Metabase Information Stored on COM Identity

• IIS stores the identity information that is to be
  used in the metabase
• This information can be obtained using the
  ADSUtil or MetaEdit utilities
• By default, the password is secured by the
  ADSUtil utility and MetaEdit

15
ASP.NET and IIS 5.0

• IIS in-process ISAPI applications
• Handled directly by InetInfo
• How does this differ from default handling?
• Inetinfo routes directly to ASPNET_WP.exe
• Is ASP.NET an in-process or out-of-proc ISAPI?
• An In-Proc ISAPI Application
• Is classic ASP an in-process ISAPI?
• ASP ISAPI can run either InProc or OOP
• If it is an in-process account, what account is
  the ISAPI running under?
• ASPNET User created during ASP.NET Framework
  Install
• Why is this important?
• To understand what is loaded and running in the
  InetInfo process
• Default in-process ISAPIs

16
ASP.NET and IIS 5.0 (2)
17
Process Considerations

• In-process is sufficient to use
• When hardware limitations restrict the system
  from having good performance running
  out-of-process
• On IIS 4.0, only when application code or
  third-party code has been thoroughly tested!
• On IIS 5.0
• With enough power, most applications should stay
  in the medium-pooled process
• Keep in mind that making one call to one DLLHost
  is better than one DLLHost calling another, and
  another
• When errors are occurring on the server
• It is frequently a good idea to isolate the
  problem to IIS or COM by moving the site/virtual
  directory in- or out-of-process
• If breaking while InProc, take out-of-process
• If breaking while out-of-process, move InProc

18
Process Considerations (2)

• Out-of-process should be used
• To isolate known problematic code
• On IIS 5.0
• Only isolate high volume using high isolated
• Leave most sites running in pooled memory space
• On IIS 4.0
• Troubleshooting or high volume sites are
  typically the only reason to run in high
  isolation

19

• Thank you for joining us for todays Microsoft
  Support
• WebCast.
• For information about all upcoming Support
  WebCasts
• and access to the archived content (streaming
  media
• files, PowerPoint slides, and transcripts),
  please visit
• http//support.microsoft.com/webcasts/
• We sincerely appreciate your feedback. Please
  send any
• comments or suggestions regarding the Support
• WebCasts to supweb_at_microsoft.com.