An Introduction to Internet Information Services (IIS)
Microsoft's integrated Web server, Internet Information Services (IIS), enables you to create and manage Web sites within your organization and to share and distribute information over the Internet or an intranet. Windows 2000 Server shipped with Internet Information Services (IIS) 5.0, which was among the fastest Web servers available when Windows 2000 Server was introduced. IIS 5.0 was fully integrated with the Active Directory directory service. Because of this integration, and the additional features and enhancements introduced with IIS 5.0, you could create and deploy scalable and reliable Web applications, Web sites and Web clusters, with improvements in security, administration, reliability and performance. Windows XP Professional supports IIS 5.1, a slightly enhanced version of IIS 5.0.
With the introduction of Windows Server 2003 came Internet Information Services (IIS) 6. IIS 6 is included with the 32-bit and 64-bit versions of the Windows Server 2003 editions. IIS 6 includes support for a number of protocols and management tools which enable you to configure the server as a Web server, File Transfer Protocol (FTP) server, Simple Mail Transfer Protocol (SMTP) server or Network News Transfer Protocol (NNTP) server. The management tools included with Windows Server 2003 allow you to manage Internet Information Services on the Windows Server 2003 product platforms.
Understanding the Origins of Internet Information Services (IIS)
The first version of IIS, Internet Information Server (IIS) 1, was released for Windows NT 3.51 Server and included support for the Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Gopher, the Secure Sockets Layer (SSL) protocol and the Common Gateway Interface (CGI). When initially introduced, IIS stood for Internet Information Server, not Internet Information Services; the name changed only when IIS 5 was released with Windows 2000 Server. A few features included with IIS 1 are:
- IIS 1 was integrated with the Windows NT platform, so access to Web content could be controlled with Windows NT user accounts and NTFS permissions.
- Virtual servers made it possible to host multiple Web sites on one physical IIS computer, and virtual directories allowed you to store Web site content on a file server rather than on the Web server itself, separating the published content from the server host.
- Basic Authentication and Windows NT LAN Manager (NTLM) Challenge/Response Authentication were supported to secure intranet access. Basic Authentication sends the user name and password merely Base64-encoded, so it is only safe over SSL.
- SSL support made it possible to create secure e-commerce sites. The SSL protocol versions of that era have since been deprecated as insecure, and current servers should allow TLS only.
- Open Database Connectivity (ODBC) logging enabled you to log Web traffic to a database for monitoring and troubleshooting.
- The Internet Server API (ISAPI) was supported for writing dynamic Web applications as extension and filter DLLs, which could be mixed with static HTML pages.
The next version, Internet Information Server (IIS) 2, was introduced with Windows NT 4 Server. The features and enhancements included with IIS 2 were:
- IIS was integrated with Windows NT Setup, so it could be installed together with Windows NT.
- HTTP byte-range support was introduced, which enabled Internet Explorer to recover from an interrupted download and resume it.
- Because host names were supported in IIS 2, you could host multiple Web sites on one server using a single IP address and TCP port 80.
- Logging of both successful and failed HTTP transactions enabled you to troubleshoot Web server and Internet communication issues more efficiently.
- Key Manager could be used to create key pairs and certificate requests for Secure Sockets Layer (SSL) server certificates.
- The Index Server tool made it possible for users to run full-text queries against the Web content hosted on IIS through content searches.
- HTML Administrator, an ISAPI application, allowed you to administer the IIS server remotely over the Internet using a Web browser such as Internet Explorer.
About 10 months after IIS 1 was originally launched, Internet Information Server (IIS) 3 was released. Its key features were the introduction of Active Server Pages (ASP) and improved performance over IIS 1:
- Active Server Pages (ASP) made it possible for developers to create dynamic Web applications that used a standard Web browser as the client interface to IIS. These Web applications could include all the functionality of standard client/server applications.
- ASP included support for database connectivity using Microsoft's ActiveX Data Objects (ADO) technology and ODBC.
- Microsoft's new Visual Basic Scripting Edition (VBScript) and JScript scripting languages, together with ODBC, could be used to create ASP-based Web sites, which was a far more practical approach than writing ISAPI applications in C++.
- Microsoft Visual InterDev was also provided with IIS 3 for the development of Web applications with Visual Basic, Visual C++ and Visual J++.
- Microsoft NetShow was included to support streaming audio and video.
- Microsoft Transaction Server (MTS) was introduced for distributed Web applications.
With the release of the Windows NT 4 Option Pack came Internet Information Server (IIS) 4. The Option Pack included enhancements and features specific to the Windows NT 4 Server OS and IIS, which are listed below:
- Microsoft Internet Explorer 4.01.
- Microsoft Transaction Server (MTS) version 2 (version 1 was included with IIS 3).
- Index Server version 2.
- Microsoft Certificate Server, for creating a public key infrastructure (PKI).
- Microsoft Message Queue Server (MSMQ), for asynchronous communications in distributed applications.
- Site Server Express 2, for managing Web content on IIS computers.
- SSL version 3, with support for 128-bit encryption.
- HTTP 1.1 support, which enhanced the reliability and efficiency of HTTP transfers and improved the handling of host headers.
- The IIS metabase, introduced in IIS 4 to store IIS configuration data. The metabase contains all the settings and configuration data for IIS.
- Microsoft Management Console (MMC) version 1.
- A new version of Internet Service Manager, implemented as a set of snap-ins for the Microsoft Management Console (MMC).
- HTML Administrator (HTMLA), which enabled browser-based administration of IIS.
- Support for the Simple Mail Transfer Protocol (SMTP) and the Network News Transfer Protocol (NNTP).
- Personal Web Server (PWS) for the Windows 95 platform.
With the introduction of the Windows 2000 Server OS came the launch of Internet Information Services (IIS) 5, and with it the name change from Internet Information Server to Internet Information Services. IIS 5 included new features and enhancements which enabled administrators and Internet service providers (ISPs) to create scalable Web applications, Web sites and Web clusters and a reliable Web environment, along with enhancements specific to security, administration and programmability. The key features and enhancements included with IIS 5 are summarized below:
- Pooled Process, the application model introduced with IIS 5, enabled multiple Web applications to run together in a shared host process separate from Inetinfo.exe's In Process space.
- You could limit the share of CPU time that a Web site's applications may consume (process throttling).
- IIS was integrated with the Active Directory directory service introduced in Windows 2000.
- Support for Web Distributed Authoring and Versioning (WebDAV), which allows users to edit, delete and move files and directories, and to share documents over the Internet. Because WebDAV lets remote clients write to the content tree, it should be enabled only on directories that need it, with authenticated access and matching NTFS permissions.
- HTTP compression made it possible to transmit pages much faster between the Web server and clients that support compression.
- File Transfer Protocol (FTP) Restart improved data transfer by resuming a download from the point at which the transfer was interrupted.
- Administration-specific enhancements and features included with IIS 5 are listed below:
- IIS could be restarted without restarting the computer.
- Web-based administration tools enabled administrators to remotely administer the Web server using virtually any browser.
- Custom error messages enabled administrators to return a tailored message to clients when HTTP errors occur on the Web site.
- Terminal Services, introduced in Windows 2000 Server, allows you to remotely administer IIS and other Windows services.
- Security-specific enhancements and features included with IIS 5 are listed below:
- Server-Gated Cryptography (SGC), an SSL extension, enabled 128-bit encryption to be used by eligible (mainly financial) institutions at a time when export versions of browsers were otherwise restricted to weaker keys.
- Digest Authentication improves the security of user authentication through proxy servers and firewalls, since a hash rather than the password itself is sent over the wire.
- IIS 5.0 is integrated with Kerberos version 5 authentication, which is used for authentication between computers running Windows 2000.
- IIS certificate storage in IIS 5 is integrated with Microsoft CryptoAPI (CAPI) storage.
- A number of new security wizards were introduced in IIS 5 as well, including:
- The Permissions Wizard, for configuring Web site access.
- The Web Server Certificate Wizard, for creating certificate requests and for managing the certificates.
- The CTL (certificate trust list) Wizard, for configuring CTLs. A CTL contains the trusted Certification Authorities (CAs) for a directory. CTLs are useful for ISPs hosting multiple Web sites, each of which requires its own list of approved CAs.
- Programmability-specific enhancements and features included with IIS 5 are listed below:
- The new features for Active Server Pages (ASP) include:
- Enhanced error handling
- Windows Script Components
- Scriptless ASP
- Better flow control methods
- Integration with Extensible Markup Language (XML)
- Performance-enhanced objects
- Active Directory Service Interfaces (ADSI) 2.0 provides greater flexibility for site configuration by allowing custom objects and properties to be added to the ADSI schema.
With the introduction of the Windows Server 2003 OS came the launch of Internet Information Services (IIS) 6. A few key features and enhancements included with IIS 6 are summarized below:
- IIS 6 is fully integrated with Windows Server 2003.
- IIS 6 is not installed by default. When it is installed, it is locked down: only static content is served, and ASP, ASP.NET, server-side includes, WebDAV and the FrontPage Server Extensions stay disabled until an administrator explicitly enables them in the Web Service Extensions list.
- The IIS 6 architecture moves HTTP listening into the kernel for increased performance and reliability: incoming HTTP requests are received and queued by the http.sys kernel mode driver, which lets IIS 6 handle a far larger number of concurrent requests than IIS 5 could.
- IIS 5 isolation mode, included with IIS 6, allows you to run the server with an IIS 5-compatible process model when you have applications that only operate under IIS 5.
- Programmability-specific enhancements include support for newer standards such as XML, SOAP and IPv6.
- The IIS metabase is stored as a plain-text Extensible Markup Language (XML) file (MetaBase.xml, with its schema in MBSchema.xml, under %SystemRoot%\System32\inetsrv). In IIS 4 and IIS 5 the metabase was a binary file. With IIS 6 you can edit the metabase with a text editor such as Notepad, or change it through Windows Management Instrumentation (WMI) tools or Active Directory Service Interfaces (ADSI) scripts. Because the file is readable text, its NTFS permissions are what protect the server configuration; keep access restricted to Administrators and SYSTEM, and protect backup copies just as carefully.
- Whether you change the metabase manually or programmatically, you no longer need to stop and restart IIS for the change to take effect. Editing the file directly while IIS is running requires the Enable Direct Metabase Edit option (the EnableEditWhileRunning property) to be turned on.
- The metabase history feature in IIS 6 tracks changes to the metabase and automatically saves versioned backup copies (in the inetsrv\History folder) whenever it changes.
- IIS 6 allows administrators to copy an IIS configuration from one physical machine to another through ADSI scripts, WMI tools or the administration scripts provided with IIS 6 (for example iiscnfg.vbs /export and /import).
- You can administer IIS with IIS Manager or with the command-line administration scripts installed in %SystemRoot%\System32 (iisweb.vbs, iisvdir.vbs, iisapp.vbs, iisext.vbs, iisback.vbs and iiscnfg.vbs).
- Digest Authentication can be used over proxy servers and firewalls.
- IIS 6 can also use Passport authentication because of its integration with Microsoft .NET Passport.
- You can use the Group Policy feature of Active Directory to further secure IIS, for example with the Prevent IIS installation policy, which stops IIS from being installed on servers that do not need it.
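Because the IIS 6 metabase is readable XML, its security-relevant settings can be reviewed offline. The following Python script is an added example written for this article (not code from the original page or from Microsoft): it parses a constructed MetaBase.xml excerpt and flags enabled Web Service Extensions, virtual directories that combine Write with Script or Execute permission, and Basic authentication without an SSL requirement. The element and property names (IIsWebService, IIsWebVirtualDir, WebSvcExtRestrictionList, AccessFlags, AuthFlags) follow the IIS 6 metabase schema; verify them against your own file before trusting the output on a production server.

```python
"""Audit security-relevant settings in an IIS 6 MetaBase.xml.

Added example for this article, not code from the original page or from
Microsoft.  The metabase below is constructed for the example.  Element and
property names (IIsWebService, IIsWebVirtualDir, AccessFlags, AuthFlags,
WebSvcExtRestrictionList) follow the IIS 6 metabase schema; check them
against your own MetaBase.xml before trusting the output.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: a locked-down server whose /scripts virtual directory
# has been left far too permissive.  Real files live in
# %SystemRoot%\System32\inetsrv\MetaBase.xml.
SAMPLE_METABASE = r"""<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProperty>
<IIsWebService Location="/LM/W3SVC"
    WebSvcExtRestrictionList="0,*.dll
        1,C:\WINDOWS\system32\inetsrv\asp.dll,0,ASP,Active Server Pages
        0,C:\WINDOWS\system32\inetsrv\httpext.dll,0,WEBDAV,WebDAV
        1,C:\WINDOWS\system32\inetsrv\ssinc.dll,0,SSINC,Server Side Includes"
/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT"
    AccessFlags="AccessRead | AccessScript"
    AuthFlags="AuthAnonymous | AuthNTLM"
    Path="c:\inetpub\wwwroot"
/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/scripts"
    AccessFlags="AccessRead | AccessWrite | AccessExecute"
    AuthFlags="AuthAnonymous | AuthBasic"
    Path="c:\inetpub\scripts"
/>
</MBProperty>
</configuration>
"""


def parse_flags(value):
    """Split a flag list such as "AccessRead | AccessScript" into a set."""
    return {f.strip() for f in value.split("|") if f.strip()}


def parse_ext_restrictions(value):
    """Parse WebSvcExtRestrictionList into (allowed, path, group_id) tuples.

    Entries are 'allow,path[,deletable,groupid,description]', one per line.
    An XML parser normalises the line breaks inside the attribute to spaces,
    so entries are split wherever a new '0,' or '1,' field begins.
    """
    entries = []
    for entry in re.split(r"\s+(?=[01],)", value.strip()):
        parts = [p.strip() for p in entry.split(",")]
        if len(parts) < 2 or parts[0] not in ("0", "1"):
            continue
        group = parts[3] if len(parts) > 3 else ""
        entries.append((parts[0] == "1", parts[1], group))
    return entries


def audit_metabase(xml_text):
    """Return (location, finding) pairs for risky settings in the metabase."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.split("}")[-1]          # drop the XML namespace
        location = elem.get("Location", "")
        if tag == "IIsWebService":
            for allowed, path, group in parse_ext_restrictions(
                    elem.get("WebSvcExtRestrictionList", "")):
                if allowed and path.startswith("*."):
                    findings.append((location, f"all unknown {path} handlers allowed"))
                elif allowed:
                    findings.append((location, f"extension enabled: {group or path}"))
        elif tag in ("IIsWebVirtualDir", "IIsWebDirectory"):
            access = parse_flags(elem.get("AccessFlags", ""))
            auth = parse_flags(elem.get("AuthFlags", ""))
            if "AccessWrite" in access and access & {"AccessScript", "AccessExecute"}:
                findings.append((location, "write combined with script/execute permission"))
            if "AccessExecute" in access:
                findings.append((location, "Execute (unrestricted ISAPI/CGI) permission"))
            if "AuthBasic" in auth and "AccessSSL" not in access:
                findings.append((location, "Basic authentication without SSL"))
    return findings


if __name__ == "__main__":
    for location, finding in audit_metabase(SAMPLE_METABASE):
        print(f"{location}: {finding}")
```

Run it against a copy of MetaBase.xml or one of the History backups rather than against the live file. The tolerant entry splitting in parse_ext_restrictions matters because a standard XML parser turns the line breaks inside the WebSvcExtRestrictionList attribute into spaces.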
IIS Architecture Prior to IIS 6
Before IIS 4, IIS ran everything In Process: the Internet Server API (ISAPI) DLLs executed inside the inetinfo.exe service's own process. Since inetinfo.exe ran under the LocalSystem account, a fault or vulnerability in any single ISAPI DLL could bring down, or compromise, the entire Web server.
With IIS 4 came the IIS metabase, which stored the IIS configuration settings and data, so that the IIS configuration was no longer kept in the Registry. Only a few settings, such as the keys used to start IIS, remained in the Registry.
The IIS Admin Service, used to manage the IIS metabase, was included in IIS 4. It is responsible for maintaining the metabase and for updating the Registry with the configuration settings for the other key IIS services, including the WWW, FTP, NNTP and SMTP services.
Another key architectural change in IIS 4 was that applications could run Out of Process, that is, in process isolation. This improved the reliability of the Web environment because a single application failure no longer caused other applications and processes on the server to fail. You could configure Out of Process applications to restart automatically when they failed, and you could start and stop individual applications without affecting the others. When applications ran In Process, a failure left the whole Web server unavailable until the machine was rebooted or inetinfo.exe was restarted.
IIS 4's integration with Microsoft Transaction Server (MTS), and MTS's Web Application Manager (WAM) component, made it possible for applications to run Out of Process in an isolated address space. In IIS 4, applications were first set up to execute In Process; only after installation could they be configured to run Out of Process, by opening the Properties dialog box of the application's virtual directory and selecting the Run In Separate Memory Space (Isolated Process) check box.
In summary, IIS 4 allowed applications to run either In Process or Out of Process.
A major disadvantage of running applications Out of Process is that they run slower than In Process applications, because every call crosses a process boundary. For this reason Out of Process was used mainly for applications still in the testing phase, and it was common to debug applications on IIS in Out of Process mode. Out of Process applications also could not communicate with other applications running on the same machine, which caused problems when applications needed to talk to each other.
With the launch of IIS 5 came the capability of running Web applications in the following modes:
- In Process: applications run as in IIS 1 to IIS 3, as a component of the main Web server process, inetinfo.exe.
- Out of Process (Isolated): applications run in isolation, each in its own dllhost.exe host process.
- Pooled Process: applications run together in a single pooled dllhost.exe COM+ host process, separate from inetinfo.exe. This allows multiple ISAPI and ASP applications to interact with each other, and pooled applications perform better than those running Out of Process (Isolated).
The major disadvantages of the IIS 5 architecture are listed below:
- Applications running In Process executed inside the core Web server process; they performed optimally, but a failure in any one of them could bring down the entire Web server process.
- Applications running Out of Process (Isolated) or Pooled Out of Process paid a performance penalty for crossing process boundaries, so out of process applications on IIS 5 were noticeably slower.
The Key Differences between IIS 6 and IIS 5 Architecture
The main differences between the IIS 6 and IIS 5 architectures are summarized below:
- The IIS 6 architecture moves HTTP listening into the kernel for increased performance and reliability: HTTP requests are received and queued directly in the kernel by http.sys.
- The WWW Service includes the new Web Administration Service (WAS).
- The application modes supported in IIS 6 are:
- Worker process isolation mode, which isolates all developer application code from the core IIS services.
- IIS 5 isolation mode, for backward compatibility with IIS 5 applications.
- IIS 6 supports multiple application pools, and each application pool operates in isolation from the others.
Main Components of IIS 6
With IIS 6, HTTP listening and routing are moved to the Kernel Mode HTTP Listener, implemented by the http.sys kernel mode device driver. Http.sys sits in the Windows Server 2003 TCP/IP network subsystem and listens for HTTP requests arriving at the IP addresses and ports bound to the Web sites hosted on IIS. The responsibilities of http.sys are summarized below:
- Listen for HTTP requests and route them to the appropriate worker process. Application code runs in user mode processes referred to as worker processes, and several worker processes usually run simultaneously to serve the different application pools.
- Receive HTTP responses from the IIS worker processes and send them to the client. Http.sys does not itself process requests; it forwards each one to the correct worker process.
- Maintain a kernel mode request queue for each application pool, to which it routes that pool's requests.
- Cache HTTP responses for static content, and for dynamic content marked as cacheable, in a kernel mode cache.
- Manage TCP connections for HTTP requests and responses.
- Manage bandwidth throttling.
- Perform text-based logging for the WWW Publishing Service.
- Enforce connection limits and connection timeouts.
Implementing the listener as the http.sys kernel mode driver has the following benefits:
- Requests are accepted, parsed and queued in kernel mode without a context switch into a user mode process, and cached responses are served without one at all, which shortens the processing time of HTTP requests.
- Http.sys keeps listening for and queuing HTTP requests even when the worker process that should serve them is unavailable, for example while it is being recycled, so client connections are not refused. If the application pool is stopped altogether, http.sys itself returns 503 Service Unavailable.
With IIS 6, the IIS Admin Service manages the IIS metabase, and updates the Registry with the configuration settings for the other key IIS services, including the WWW service, FTP service, NNTP service and SMTP service.
The Web Administration Service (WAS) component of IIS 6 handles the creation of Web sites and the management of application pools and worker processes. It is implemented as a DLL inside an svchost.exe host process (the World Wide Web Publishing Service) and consists of the two components listed below.
- Configuration Manager, whose duties include:
- Store and retrieve configuration data from the IIS metabase.
- Initializes the namespace routing table at startup for http.sys. An entry is created in the routing table for each application pool.
- Notifies http.sys when the http.sys routing table needs updates made to it. The routing table needs to be updated when new application pools are created for new Web applications.
- Application Pool Manager, duties for managing the IIS worker processes include:
- Start, stop, restart and recycle worker processes
- Monitor worker processes
A worker process in IIS 6 is the process in which user-developed Web application code runs. It is a host process named w3wp.exe. Worker processes take requests from the http.sys queues, process them and return a static or dynamic page to the requesting client through http.sys. Because application code runs in w3wp.exe rather than in inetinfo.exe, it runs under the application pool's identity (Network Service by default) instead of LocalSystem, so a compromised application has only the rights of that account. A worker process can host the following:
- ASP applications
- ISAPI applications and filters
- CGI applications
- Static content
An application pool consists of the following components:
- A kernel mode http.sys request queue
- One or more instances of w3wp.exe, the worker processes.
In IIS 6, applications can run in the following configurations:
- An application pool with one worker process hosting a single Web application, which is isolated from other applications by the process boundary.
- An application pool with one worker process hosting two or more Web applications.
- An application pool with several worker processes serving its Web applications. This configuration is called a Web garden and is new in IIS 6.
Logging of HTTP requests in earlier versions of IIS used the text file formats listed below; requests could also be logged to an ODBC database. Logging was handled by the inetinfo.exe process.
- NCSA Common format
- W3C Extended format
- Microsoft IIS format
With IIS 6, text-based logging is handled by the Kernel Mode HTTP Listener (http.sys), while ODBC logging is handled by the worker processes, which improves performance. Because http.sys writes the logs, a request that http.sys rejects before it reaches a worker process (a malformed request, or one for a host name bound to no site) does not appear in the site's log; it is recorded in the HTTPERR log under %SystemRoot%\System32\LogFiles\HTTPERR, which should be included in any log collection.
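A practitioner usually cares less about which process wrote the log than about what is in it. As an added example (not from the original article), the Python below parses IIS W3C Extended log lines using the #Fields directive to name the columns, then flags double-encoded directory traversal attempts, unusual HTTP methods such as WebDAV's PROPFIND, and clients generating many 4xx/5xx responses. The log excerpt is constructed for the example; the field names are the standard ones IIS writes, and the error threshold is illustrative.

```python
"""Parse IIS W3C Extended log lines and flag suspicious requests.

Added example for this article, not code from the original page.  The log
excerpt is constructed; the column names are the ones IIS writes in its
#Fields directive.  Detection thresholds are illustrative.
"""
from collections import Counter
from urllib.parse import unquote

# Constructed sample: one normal visitor, one client probing the server.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-06-15 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2004-06-15 10:00:01 192.0.2.10 GET /default.htm - 80 - 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) 200 0 0
2004-06-15 10:00:02 192.0.2.10 GET /images/logo.gif - 80 - 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+6.0) 200 0 0
2004-06-15 10:00:05 192.0.2.10 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 80 - 203.0.113.9 - 404 0 2
2004-06-15 10:00:05 192.0.2.10 GET /_vti_bin/owssvr.dll - 80 - 203.0.113.9 - 404 0 2
2004-06-15 10:00:06 192.0.2.10 GET /admin/ - 80 - 203.0.113.9 - 401 2 5
2004-06-15 10:00:06 192.0.2.10 GET /admin/ - 80 - 203.0.113.9 - 401 2 5
2004-06-15 10:00:06 192.0.2.10 GET /admin/ - 80 admin 203.0.113.9 - 401 1 2148074254
2004-06-15 10:00:07 192.0.2.10 PROPFIND /secret/ - 80 - 203.0.113.9 - 404 0 2
"""

NORMAL_METHODS = {"GET", "POST", "HEAD"}


def parse_w3c(text):
    """Return one dict per request line, keyed by the names in the #Fields directive."""
    fields, records = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()   # a new directive can change the columns
            continue
        values = line.split()          # IIS encodes spaces inside a field as '+'
        if len(values) != len(fields):
            continue                   # truncated or corrupt line: skip rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def decode_uri(uri):
    """Undo two layers of percent-encoding, the way a double-decoding server would."""
    return unquote(unquote(uri))


def find_suspicious(records, error_threshold=3):
    """Flag traversal attempts, unusual methods and clients with many error responses."""
    report = {"traversal": [], "unusual_methods": [], "noisy_clients": {}}
    errors = Counter()
    for rec in records:
        decoded = decode_uri(rec["cs-uri-stem"]).replace("\\", "/")
        if "../" in decoded:
            report["traversal"].append((rec["c-ip"], rec["cs-uri-stem"]))
        if rec["cs-method"] not in NORMAL_METHODS:
            report["unusual_methods"].append((rec["c-ip"], rec["cs-method"], rec["cs-uri-stem"]))
        if rec["sc-status"][:1] in ("4", "5"):
            errors[rec["c-ip"]] += 1
    report["noisy_clients"] = {ip: n for ip, n in errors.items() if n >= error_threshold}
    return report


if __name__ == "__main__":
    report = find_suspicious(parse_w3c(SAMPLE_LOG))
    for category, hits in report.items():
        print(f"{category}: {hits}")
```

Two design points: the column list is taken from the #Fields line rather than hard-coded, because IIS writes that directive whenever the selected fields change and a log can contain more than one; and lines whose field count does not match are skipped instead of being parsed, since a misaligned row silently puts the client IP in the wrong column.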
The kernel mode cache is managed by http.sys for static and dynamic content. When http.sys receives an HTTP request it checks the cache first and, if the response is cached, returns it directly from kernel mode, which greatly improves performance for cached content.
When a client requests an ASP page, the ASP code is compiled into an ASP template, which is kept in an in-memory cache so that it can be reused on later requests. With IIS 6, the oldest templates are moved to a disk cache when the in-memory cache is full. By default IIS 6 keeps 250 templates in memory (the AspScriptFileCacheSize metabase property), and the in-memory cache can be configured to use up to 64 GB of physical memory.
Worker Process Isolation Mode – IIS 6 Application Mode
Worker process isolation mode is the primary application mode in IIS 6 (the default for new installations; servers upgraded from IIS 5 start in IIS 5 isolation mode), and includes the application pools, worker processes, health monitoring and all the other IIS 6 specific architectural elements. The characteristics of worker process isolation mode are:
- An application pool can host one or multiple Web applications.
- The worker processes take the HTTP requests from the pool's kernel mode queue.
- An application pool can contain one worker process or multiple worker processes (a Web garden).
- Each application pool has an associated kernel mode queue in http.sys.
- A single application failure does not bring down other applications.
- ASP applications, ASP.NET applications and ISAPI extensions are loaded into the worker processes, not into inetinfo.exe.
- Inetinfo.exe manages the metabase and the FTP, SMTP and NNTP services.
- Web Administration Service (WAS) manages the application pools and worker processes.
The process that occurs when a client sends an HTTP request is listed below:
- Http.sys receives the client's HTTP request.
- If the request is invalid, http.sys returns an HTTP error code to the client without involving a worker process.
- If the request is valid, http.sys checks the kernel mode response cache to see whether the requested page is cached.
- If the requested page is in the cache, it is returned to the client immediately.
- Otherwise http.sys routes the request to the kernel mode queue of the application pool that serves the site.
- A worker process of that application pool takes the request from the kernel mode queue and processes it.
- The worker process sends the response to the client through http.sys.
- Http.sys caches the response if it is cacheable.
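The request path above, together with the http.sys responsibilities listed under Main Components of IIS 6, is modelled in the following Python program. It is an added example, not IIS code: the two sites, their bindings, the application pools and the cache policy are constructed for the example, while the status codes match what IIS 6 returns (400 Bad Request for a request http.sys cannot parse or route to any site, 503 Service Unavailable when the application pool is stopped).

```python
"""Toy model of the IIS 6 request path: http.sys listener -> kernel response
cache -> per-application-pool queue -> w3wp.exe worker -> back through http.sys.

Added example for this article, not IIS code.  Sites, bindings, pools and
the cache policy are constructed; status codes follow IIS 6 (400 for a
request http.sys cannot parse or route, 503 for a stopped application pool).
"""
from collections import deque


class Site:
    def __init__(self, name, bindings, pool, content):
        self.name = name            # ServerComment in the metabase
        self.bindings = bindings    # (ip, port, host) triples, like ServerBindings "ip:port:host"
        self.pool = pool            # name of the application pool serving this site
        self.content = content      # path -> static content the worker would read from disk


class AppPool:
    def __init__(self, name):
        self.name = name
        self.queue = deque()        # the pool's kernel mode request queue inside http.sys
        self.running = True         # False models a stopped pool

    def worker_run(self, site, path):
        """w3wp.exe: dequeue one request and build its response in user mode."""
        self.queue.popleft()
        if path in site.content:
            return 200, site.content[path]
        return 404, "Not Found"


def parse_request(raw):
    """Parse the request line and headers; None means malformed."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            return None
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    if parts[2] == "HTTP/1.1" and "host" not in headers:
        return None                 # HTTP/1.1 requires a Host header
    return parts[0], parts[1], headers


class HttpSys:
    def __init__(self, sites, pools):
        self.pools = pools
        self.routes = {}            # routing table WAS builds from the site bindings
        for site in sites:
            for ip, port, host in site.bindings:
                self.routes[(ip, port, host.lower())] = site
        self.cache = {}             # (site name, path) -> (status, body)

    def route(self, local_ip, local_port, host):
        """Most specific binding first; "" is the unassigned-host (catch-all) binding."""
        host = host.split(":")[0].lower()
        for key in ((local_ip, local_port, host), (local_ip, local_port, ""),
                    ("*", local_port, host), ("*", local_port, "")):
            if key in self.routes:
                return self.routes[key]
        return None

    def handle(self, raw, local_ip="192.0.2.10", local_port=80):
        """Return (status, body, served_by) for one raw HTTP request."""
        parsed = parse_request(raw)
        if parsed is None:
            return 400, "Bad Request", "http.sys"
        method, path, headers = parsed
        site = self.route(local_ip, local_port, headers.get("host", ""))
        if site is None:
            return 400, "Bad Request (Invalid Hostname)", "http.sys"
        key = (site.name, path)
        if method == "GET" and key in self.cache:
            status, body = self.cache[key]
            return status, body, "kernel cache"
        pool = self.pools[site.pool]
        if not pool.running:
            return 503, "Service Unavailable", "http.sys"
        pool.queue.append((method, path))
        status, body = pool.worker_run(site, path)
        if method == "GET" and status == 200:
            self.cache[key] = (status, body)   # only successful GETs are cached
        return status, body, "w3wp.exe"


def build_demo():
    """Two sites on one IP:port, told apart by host header, in separate pools."""
    pools = {"DefaultAppPool": AppPool("DefaultAppPool"), "ShopPool": AppPool("ShopPool")}
    sites = [Site("Default Web Site", [("192.0.2.10", 80, "")], "DefaultAppPool",
                  {"/default.htm": "<html>default</html>"}),
             Site("Shop", [("192.0.2.10", 80, "shop.example.com")], "ShopPool",
                  {"/index.htm": "<html>shop</html>"})]
    return HttpSys(sites, pools)


if __name__ == "__main__":
    hs = build_demo()
    shop = "GET /index.htm HTTP/1.1\r\nHost: shop.example.com\r\n\r\n"
    print(hs.handle(shop))                                  # served by w3wp.exe
    print(hs.handle(shop))                                  # served from kernel cache
    print(hs.handle("GET / HTTP/1.1\r\n\r\n"))              # 400: no Host header
    hs.pools["ShopPool"].running = False
    print(hs.handle("GET /other.htm HTTP/1.1\r\nHost: shop.example.com\r\n\r\n"))  # 503
```

The point of the model is where each decision is made: the 400 and 503 responses come from http.sys and never touch a worker process (so they will not appear in the site's W3C log), and a request that hits the kernel cache is served without the application pool running any code at all.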
IIS 5 Isolation Mode – IIS 6 Application Mode
IIS 6 can run in IIS 5 isolation mode to provide backward compatibility for applications that do not function correctly in worker process isolation mode. Applications that typically require IIS 5 isolation mode are:
- Applications that call processes that do not reside in the application pool associated with the application.
- Applications other than ASP.NET applications that need to persist session state in process (ASP.NET can keep session state out of process).
- ISAPI applications that load multiple times and run concurrently, and ISAPI filters that perform read raw data filtering (SF_NOTIFY_READ_RAW_DATA).
Note that in IIS 5 isolation mode, In Process applications once again run inside inetinfo.exe under the LocalSystem account, so the mode should be used only for as long as the incompatible application requires it. The IIS 6 architectural elements that are not available when IIS 6 runs in IIS 5 isolation mode are:
- Web gardens
- Health detection
- Processor affinity
- Process recycling
- Rapid fail protection
The Main IIS Supported Protocols and Services
IIS supports a few key protocols and services, which are:
- World Wide Web (WWW) Publishing Service, which connects HTTP requests from clients to IIS Web sites and is also used to publish Web services.
- Hypertext Transfer Protocol (HTTP) is a TCP/IP application layer protocol used to connect to Web sites and retrieve Web content. HTTP handles the publishing of static and dynamic Web content. An HTTP session consists of a TCP connection, an HTTP request and an HTTP response:
- TCP port 80 is used for HTTP connections (443 for HTTP over SSL/TLS). The client establishes a TCP connection to the server using the TCP three-way handshake.
- After the connection is established, the client sends an HTTP request message, for example a GET, to the server.
- The server returns the requested Web page in an HTTP response.
- If HTTP Keep-Alives are enabled, the TCP connection is kept open after the response so that the client can request additional pages over the same connection.
- If HTTP Keep-Alives are not enabled, the TCP connection is closed after the requested page is delivered.
- File Transfer Protocol (FTP) is a TCP/IP application layer protocol used to copy files to and from remote systems over the Transmission Control Protocol (TCP). FTP lets clients upload files to and download files from an FTP server across an internetwork. Through IIS you can create and administer FTP servers; you need an FTP server and an FTP client to use the protocol. Note that FTP sends user names, passwords and file contents in cleartext, so it is unsuitable for sensitive data unless the traffic is protected by other means. An FTP session uses a control connection and separate data connections:
- The client establishes a TCP connection to the FTP server on port 21; this is the control connection.
- The client's end of the control connection uses an ephemeral port above 1023.
- The client sends FTP commands to port 21 over the control connection and receives numeric replies on it.
- When data must be transferred (a directory listing, an upload or a download), a separate data connection is opened. In active mode the client sends a PORT command naming the address and port it is listening on, and the server connects to it from TCP port 20; in passive mode the client sends PASV, the server replies with an address and port, and the client connects to that. Passive mode is what clients behind firewalls or NAT generally need, because the client initiates both connections.
- Each data connection is closed when its transfer completes, and the closing side's socket lingers briefly in TCP's TIME_WAIT state. TIME_WAIT is normal TCP teardown behaviour, not a channel for more data; every further transfer uses a new data connection.
- IIS Admin Service, used for the management of the IIS metabase. It updates the Registry with the configuration settings for the other key IIS services, including the WWW, FTP, NNTP and SMTP services.
- Simple Mail Transfer Protocol (SMTP) is a TCP/IP application layer protocol used for routing and transferring e-mail between SMTP hosts on the Internet. It is both a client/server and a server/server protocol.
- Network News Transfer Protocol (NNTP) is a TCP/IP application layer protocol used to exchange network news messages between NNTP servers and NNTP clients on the Internet. It is both a client/server and a server/server protocol. NNTP enables an NNTP host to replicate its list of newsgroups and messages with another host through newsfeeds, using either a push or a pull method. An NNTP client can connect to an NNTP host to download the list of newsgroups and read the messages they contain.
- Secure Sockets Layer (SSL) version 3, used to encrypt HTTP and NNTP authentication data and transmitted data using public key cryptography. SSL 3.0 has since been deprecated as insecure (RFC 7568) and should be disabled in favour of TLS.
- Lightweight Directory Access Protocol (LDAP), used by the Simple Mail Transfer Protocol (SMTP) service to access data in the directory service.
- Transport Layer Security (TLS), used to encrypt SMTP data transmissions.
- Multipurpose Internet Mail Extensions (MIME) types, used by the HTTP service to tell clients the content type of the files it serves. IIS 6 refuses (with a 404) to serve a file whose extension has no registered MIME type, which keeps unexpected file types from being downloaded.
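The FTP control and data connection exchange described above is shown in the following Python example, added for this article and not taken from the original page or from IIS. It encodes and decodes the h1,h2,h3,h4,p1,p2 form shared by the PORT command and the 227 PASV reply, scripts an active-mode LIST with both sides' messages, and applies the server-side check most FTP daemons perform on PORT: the data connection target must be the client that owns the control connection and must not be a privileged port. The addresses and ports are constructed; the reply texts follow common FTP server conventions.

```python
"""FTP PORT / PASV encoding, decoding and the server-side PORT sanity check.

Added example for this article, not code from the original page or from IIS.
Addresses and ports are constructed; reply texts follow common FTP server
conventions.
"""
import re

SIX_NUMBERS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def encode_hostport(ip, port):
    """Return the h1,h2,h3,h4,p1,p2 form used by PORT and the 227 reply."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def decode_hostport(text):
    """Extract (ip, port) from a PORT argument or a '227 Entering Passive Mode' reply."""
    match = SIX_NUMBERS.search(text)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field found")
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field exceeds 255")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_port_command(argument, control_peer_ip):
    """Server-side check on PORT before the server connects out from port 20.

    Rejecting targets other than the control connection's own peer stops the
    server being used to open data connections to third parties, and refusing
    privileged ports stops it being pointed at other services on the client.
    """
    ip, port = decode_hostport(argument)
    if ip != control_peer_ip:
        return False, "PORT address does not match the control connection peer"
    if port < 1024:
        return False, "PORT target is a privileged port"
    return True, f"server will connect from port 20 to {ip}:{port}"


def active_mode_listing(client_ip, client_port, server_ip="192.0.2.10"):
    """Script an active-mode directory listing as (direction, message) pairs."""
    hostport = encode_hostport(client_ip, client_port)
    ok, reason = check_port_command(hostport, client_ip)
    script = [(f"{client_ip} -> {server_ip}:21", f"PORT {hostport}")]
    if not ok:
        script.append((f"{server_ip}:21 -> {client_ip}", f"500 {reason}"))
        return script
    script += [
        (f"{server_ip}:21 -> {client_ip}", "200 PORT command successful."),
        (f"{client_ip} -> {server_ip}:21", "LIST"),
        (f"{server_ip}:21 -> {client_ip}", "150 Opening ASCII mode data connection for /bin/ls."),
        (f"{server_ip}:20 -> {client_ip}:{client_port}", "<directory listing, then close>"),
        (f"{server_ip}:21 -> {client_ip}", "226 Transfer complete."),
    ]
    return script


def passive_mode_target(reply):
    """Client side of PASV: where to connect for the data connection."""
    if not reply.startswith("227"):
        raise ValueError("expected a 227 reply")
    return decode_hostport(reply)


if __name__ == "__main__":
    for direction, message in active_mode_listing("198.51.100.7", 1030):
        print(f"{direction:>40}  {message}")
    print(passive_mode_target("227 Entering Passive Mode (192,0,2,10,19,137)."))
```

Reading the scripted exchange makes the firewall implication concrete: in active mode the server opens a connection back to the client from port 20, which a stateful firewall or NAT on the client side will drop unless it understands FTP, whereas in passive mode the client connects to the port named in the 227 reply and only the server side needs the data port range open.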