Product Roadmap
Internet Information Services
(IIS) 7.0
Donovan Deakin
Internet Information Server
(IIS) 7 Overview
IIS 7 Themes
Why Host on IIS 7? Because IIS 7…
Ensures High Trust Levels
Enables Rich Customer Experiences
Reduces Customer Support Costs
Lowers IT Management Costs
Public Betas and Previews
Dates and Availability
IIS 7 Themes
Componentized extensible
Integrated delegated
Secure compatible supportable
Why Host On IIS 7?
IIS 7 ensures high trust levels…
By componentizing all features so Web
server attack surface can be fully
minimized
By unifying IIS and ASP.NET security
features so they apply for all types of
requests
IIS 5.1 Setup Components 8 Setup Components
Common FilesWWW ServiceScripts Directory
Remote Desktop
ActiveX
Printers Virtual
Directory
FrontPage 2000 Srv
Ext
Admin ToolFTP Service
Windows Process Activation Service
Common HTTP Web Server Components Management
Health &
Diagnostics
Security
IIS7 Setup Components 40 Setup Components
DirectoryListingModule
CustomErrorModule
StaticFileModule DefaultDocumentModule
HttpRedirect
BasicAuthModule
DigestAuthModule
WindowsAuthModule
CertificateAuthModule
AnonymousAuthModule
IPSecurityModule
UrlAuthorizationModule
RequestFilteringModule
HttpLoggingModule
CustomLoggingModule
RequestMonitorModule
HTTPTracingModule
ODBCLogging
LoggingLibraries
Application
Development
ISAPIModule
ISAPIFilterModule
CGIModule
ServerSideIncludeModule
NetFxExtensibility
ASP
ASP.NET
PerformanceHTTPStaticCompression
HTTPDynamicCompression
ManagementConsole
ManagementService
ManagementScripting
Metabase
WMICompatibility
LegacyScripts
LegacySnap-in
ConfigurationAPIProcessModel NetFxEnvironment
FTP
PublishingFTPServer
FTPManagement
High Trust Levels Through minimizing attack surface during installation of IIS
7.0 components
IIS 5.1 IIS 6.0 Apache 2.0 IIS7
Install Options 8 A few more ? 40
Default HTTP Components
Lots Lots, but disabled
? minimal
Modular setup enables minimal attack surface area
Five times more granular than IIS 5.1
Servicing and patching on a per component basis
If you don’t install it, you won’t need to secure it
Before: IIS6 And ASP.NET Have Separate
Pipelines
iiscore
cgistatic
file
Isapi
exts
Determine handler
handlers
Pre-proc headers
auth’c req
url map log
End net session
Isapi filter
notifications
aspnet_isapi
IHttpModule Events
url map
begin req
auth’c req
auth’z req
resolve cache
handler map
handler exec
update req cache
rel req state
end req
IHttpHandlers
Trace.axd *.aspx
http.sys
was
After: Merged IIS7/ASPNET Processing
begin
resolve cache
map handler
pre-execute handler
release state
log
end
digest auth
basic auth
IHttpModuleNative Module
native modules managed modules
role mgr
url auth’z
Native or Managed Handlers
*.aspx trace.axdisapi extstatic file
Unified pipeline
IHttpHandlerNative Handler
windows authforms auth
authorize
authenticate
was
http.sys
High Trust Levels Through unifying IIS and ASP.NET
security features to apply for all requests
ASP.NET modules can process
all requests
Ex: Forms authentication and role
management for static content
Unified IIS and ASP.NET consolidates security features
Ex: IIS 6.0, ASP.NET overlap = 9 authentication, 5 authorization
features → consolidates into 6 authentication modules and 3
authorization modules in IIS 7.0
Supports Windows and non-Windows users
Added Request filtering
URLScan functionality is built-in as a “front door”
Why Host On IIS 7?
IIS 7 enables rich customer
experiences…
By making ASP.NET modules first class
citizens in the request processing pipeline
By offering an extensible architecture where
custom modules are easy to implement
Deliver Rich Customer ExperiencesVia custom modules that replace or extend web server
functionality
Custom IIS 7 modules can deliver value across all sites
IIS 7 was specifically designed for extensibility
Modular core server, built on public extensibility APIs
Every aspect of request processing exposed
Configuration, administration, diagnostics are all extensible
Building custom modules is easy and fast
Both Native (C/C++) and Managed (C#, Visual Basic .NET)
development
Your modules have the same capability as ours
ISV community to support ecosystem of modules
Why Host On IIS 7?
IIS 7 lowers IT management costs…
By using an “opt-in” installation model so
only necessary features are patched and
managed
By simplifying site deployment and
configuration especially in Web farm
scenarios
By offering admin tools that were rewritten
from scratch with administrator efficiency
in mind
Lower IT Management CostsThrough simplified site configuration and deployment to Web farms
IIS 7 Configuration is efficient in high scale scenarios
Single configuration system for all Web technology
Use site’s Web.config file for IIS, ASP.NET and Indigo
settings
Same API and concepts used across entire platform
XCopy deploy sites to Web farms
Self-contained applications do not need to be configured
Store all code, content and configurations together in
site folder
Configuration is easy to read and edit
Clean, strongly typed schema
IIS 4, 5, 6 Administration Experience
IIS 7 Administration Experience
Lower IT Management Costs Through tools rewritten to improve administrator efficiency
IIS 7’s efficient management experience
Broad set of enhanced IIS management options
IIS Manager GUI, command line utility (appcmd.exe), WMI
providers, .config files
IIS Manager GUI is simpler and more consistent
IIS and ASP.NET integrated together
Security set in one place instead of four
Quickly enumerate 1000s of sites
Tool support for new IIS 7 experiences
Delegated Management, Remote Management
Fully Extensible
Why Host On IIS 7?
IIS 7 reduces customer support costs…
By providing management delegation that
empowers customers to be more
self-sufficient
By empowering administrators with
tools to diagnose and resolve site
failures rapidly
Reduce Customer Support Costs By delegating management directly to customers
Site delegation with IIS 7 is ideal for hosting
All site configurations can be delegated
Fine grain control on a per-site/per-app/per-config basis
Delegate with IIS Manager or directly in config files
Totally secure
Both IIS and ASP.NET settings can be delegated
Customers can leverage IIS Manager GUI remotely
Manage through proxies, over HTTP
Delegate read/write privileges of remote users
Administrator account on remote server is not required
Support for Windows and non-Windows credentials
Reduce Customer Support Costs By rapidly resolving site failures with powerful diagnostic tools
IIS 7.0 diagnostics expose all internal processing
Administrators have the power to…
Monitor currently executing requests in real-time
View the state of all sites, app pools and apps
Trace a request from start to finish
Enable automatic tracing for all “failed” requests
Extend application code with custom tracing
Diagnostics are fully supported by IIS management
IIS Manager, WMI, command-line, Windows Explorer
But Is IIS 7 Compatible
With Existing Systems?
IIS 7 smoothly supports legacy
technology…
By making upgrading simple through the
Operating System
By supporting all versions of ASP.NET
By ensure ISAPI ext/filters just work.
By permitting ABO, ADSI and WMI APIs
for config
Summary
Why host on IIS 7?
Minimized attack surface, Unified security → High Trust Levels
Broad Extensibility, Integration → Rich Customer Experiences
Improved Deployment, Tools → Lower IT Management Costs
Delegation, Diagnostics → Reduced Customer Support Costs
For More Information…
Discussion
IIS 7 Preview
To register for the IIS7 Preview Program,
go to: http://iis7preview.com
© 2007 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.