Title: Internet Information Services Process Model Chris Adams IIS Technical Lead WA Microsoft Corporation
1Internet Information Services Process Model
Chris AdamsIIS Technical Lead WA Microsoft
Corporation
2WebCast TopicsProcess Model
- IIS 4.0
- In-Process
- Benefits
- Drawbacks
- Isolation (Separate Memory Space)
- Benefits
- Transaction Server Integration
- Advanced Security
- Drawbacks
- Performance
- Hardware Considerations
- IIS 5.0
- In-Process (inetinfo)
- Medium (Pooled)
- Benefits
- Application Isolation
- Stability
- Isolation (Separate Memory Space)
- ASP.NET and IIS 5.0
- Service Accounts and IIS
- In-Process
- System Account
- Configurable?
- Out of Process
- Component Services Integration
- Configurable Identity
- Performance Loss
- Considerations InProc vs. OOP
3IIS 4.0 Process Model Modes
- Microsoft IIS 4.0 (Windows NT Option Pack)
- Two modes
- In-process (Inetinfo.exe)
- Out-of-process (Mtx.exe)
The example shows a site running in-process. If
selected, the site or virtual directory would be
checked.
4IIS 4.0 Process Model In-Process
- Benefits
- Performance is fast
- Less variables to break
- Drawbacks
- InetInfo service is vulnerable to unexpected
shutdown
Example shows a site running out of process in a
process named "MTX".
5In-Process Model
Internet clients
- InetInfo
- W3SVC
- MSFTPSVC
- SMTPSVC
- NNTPSVC
- Metabase Loaded here
- ISAPI Filters Loaded here
- In-proc ISAPI handling
1
2
3
IIS 4.0 Server
One process InetInfo
6IIS 4.0 Process Model Isolation
- Integration with MTS
- Benefits
- Permits granular isolation from the site to the
virtual directory level - Runs as isolated individual process called MTX
- Drawbacks
- Performance
- Process delays between InetInfo and MTX
- WAM
- Maps requests to low or high isolation
7Out-of-Process Costs
5
Get Default.asp
Internet clients
MTX process
1
4
Metabase lookup ISAPI processing
2
InetInfo process
3
IIS 4.0/5.0 Server
Note Both InetInfo and MTX are running on the
same machine, and costs come in the form of CPU
cycles needed to switch from the InetInfo context
to the MTX context and back.
8Out-of-Process Entire Costs
Get Default.asp
Internet clients
MTX process
Inter-Process Call which is expensive on CPU
Metabase lookup ISAPI processing
InetInfo process
IIS 4.0/5.0 Server
Note Both InetInfo and MTX are running on the
same computer, and costs come in the form of CPU
cycles needed to switch from the InetInfo context
to the MTX context and back.
9Process Model IIS 5.0
- Three modes
- Low (IIS process)
- Medium (pooled)
- High (isolated)
- Low
- Process runs totally under identity of system
account - Excellent for troubleshooting IIS to COM errors
- Isolated processes uses COM
- Out of sync problems
10COM Integration
- Internals
- ASP thread pool (uses COM STA thread pool)
- ASP transactions (IIS utilities COM
application) - Out-of-process (medium or high)
- Process isolation for ISAPI
- By default, during installation, IIS creates
three packages - By default, processes created by IIS are run
under the identity of IWAM_MachineName - User identity is configurable
11Component Services Default Screen Shot
This is a screen shot of the component services.
With all default installations of IIS 5.0, three
applications are created IIS InProc Apps IIS
Out-of-process Pooled IIS Utilities
12Out-of-Process Application Properties Default
Screen Shot
- Clicking identity exposes the user account being
used to run the process - To run without error, the user identified here
needs the following minimium machine permissions - Log on locally
- Access this computer from the network
- Log on as a batch job
13Identity Configuration Screen Shot
- The configuration for the IIS out-of-process
pooled process is obtained by right-clicking and
selecting properties from the context menu - The Identity tab is where the process (dllhost)
service account is configured to run in the case
of IIS, this is the IWAM account
Is stored in the metabase
14Metabase Stored Data Screen Shot
Metabase Information Stored on COM Identity
- IIS stores the identity information that is to be
used in the metabase - This information can be obtained using the
ADSUtil or MetaEdit utilities - By default, the password is secured by the
ADSUtil utility and MetaEdit
15ASP.NET and IIS 5.0
- IIS in-process ISAPI applications
- Handled directly by InetInfo
- How does this differ from default handling?
- Inetinfo routes directly to ASPNET_WP.exe
- Is ASP.NET an in-process or out-of-proc ISAPI?
- An In-Proc ISAPI Application
- Is classic ASP an in-process ISAPI?
- ASP ISAPI can run either InProc or OOP
- If it is an in-process account, what account is
the ISAPI running under? - ASPNET User created during ASP.NET Framework
Install - Why is this important?
- To understand what is loaded and running in the
InetInfo process - Default in-process ISAPIs
16ASP.NET and IIS 5.0 (2)
17Process Considerations
- In-process is sufficient to use
- When hardware limitations restrict the system
from having good performance running
out-of-process - On IIS 4.0, only when application code or
third-party code has been thoroughly tested! - On IIS 5.0
- With enough power, most applications should stay
in the medium-pooled process - Keep in mind that making one call to one DLLHost
is better than one DLLHost calling another, and
another - When errors are occurring on the server
- It is frequently a good idea to isolate the
problem to IIS or COM by moving the site/virtual
directory in- or out-of-process - If breaking while InProc, take out-of-process
- If breaking while out-of-process, move InProc
18Process Considerations (2)
- Out-of-process should be used
- To isolate known problematic code
- On IIS 5.0
- Only isolate high volume using high isolated
- Leave most sites running in pooled memory space
- On IIS 4.0
- Troubleshooting or high volume sites are
typically the only reason to run in high
isolation
19- Thank you for joining us for todays Microsoft
Support - WebCast.
- For information about all upcoming Support
WebCasts - and access to the archived content (streaming
media - files, PowerPoint slides, and transcripts),
please visit - http//support.microsoft.com/webcasts/
- We sincerely appreciate your feedback. Please
send any - comments or suggestions regarding the Support
- WebCasts to supweb_at_microsoft.com.