Top 10 Changes in IIS 7.0

Install only the IIS components needed to run your site

Example:

start /w pkgmgr /l:log.etw /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-Security;IIS-ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI

• Most (99%+) ASP and ASP.NET applications worked.

  • One application encountered breaking change
  • Handful of applications required config migration to run in Integrated

(We have about 260 applications running on www.microsoft.com as defined by IIS. There are thousands of pages of code that could have broken but did not.)

• Integrated Pipeline is the new unified request processing pipeline. Benefits include:

  • Allowing services provided by both native and managed modules to apply to all requests, regardless of handler. For example, managed Forms Authentication can be used for all content, including ASP pages, CGIs, and static files.
  • Empowering ASP.NET components to provide functionality that was previously unavailable to them due to their placement in the server pipeline. For example, a managed module providing request rewriting functionality can rewrite the request prior to any server processing, including authentication, takes place.
  • A single place to implement, configure, monitor and support server features. For example, single module and handler mapping configuration, single custom errors configuration, single URL authorization configuration.

• Classic ASP mode allows for easy app migration

  • ASP.NET Setup provides a "Classic .NET AppPool"
  • For more information, see the article ASP.Net Integration With IIS 7.0

• Use AppCmd to migrate apps to Integrated mode

  • %windir%\system32\inetsrv\APPCMD.EXE migrate config <Application Path>`
  • For more information about AppCmd.exe, see Getting Started With AppCmd.exe

• IIS 6.0 Metabase compatibility layer

  • Allows you the run old ADSI scripts
  • IIS 6.0 Metabase Compatibility module must be installed

• Clean clear-text schema

• IIS settings stored in XML configuration file (applicationHost.config)

  • Metabase exists for SMTP/NNTP/FTP only

• Site-wide changes made easily

  • Update central applicationHost.config and copy to all web servers
  • Replaces our bulky ADSI based script solution for metabase changes

• Microsoft.com considerations

  • Be careful copying to production servers under load. (When you push out a new applicationHost.config, your app pools and applications will be recycled. If you are heavily dependent on caching, then you could cause problems in your environment as the CLR reloads.)

• applicationHost.config stored on UNC share
• Allows us to copy to two (maybe four) servers rather than 80

Potential issue - managing password changes for account used to connect to config store. (This is because currently you cannot use the UNC share that is running under the Network service, which we use heavily. It currently requires a domain account, which our security policy mandates a periodic password change.)

• Admin can now delegate IIS settings to application owner

• Settings defined in web.config file in application directory

• Example of setting to delegate include:

  • System.webServer section of applicationHost.config
  • Caching, defaultDocument, httpErrors, security

For more information, see Delegated Configuration .

• Managing via the UI

  • New modular, task-based look and feel
  • Moving away from the right-click/properties paradigm

• Managing via the Command Line

  • AppCmd

• Command-line utility which replaces adsutil.vbs, iisapp.vbs, and others

• Allows command line management of sites, applications, vdirs, apppools, modules, tracing, and more Powershell

• IIS community creating IIS-specific Powershell cmdlets

• MSCOM Considerations

  • AppCmd limitations - no remote
  • No IIS provider for Powershell

• Buffers the trace events for requests and flushes them to disk if they meet your failure criteria

• Captures trace data while you are sleeping

• Very little perf impact when targeting failing requests

• Quick test: Enabling tracing for all file extensions and errors results in approx 5% fewer requests/second at full stress load (do not do this in production).

• View Currently Executing Requests via AppCmd

  • appcmd list requests (for all request)
  • appcmd list requests /apppool.name:DefaultAppPool

• New Task Scheduler

  • Trigger tasks on events

For more information, see Failed Request Tracing.

• No more URLScan

• </requestFiltering> settings in applicationHost.config

• Issue for Microsoft.com: If filename includes "+" then allowDoubleEscaping must be set to "true"

  • <requestFiltering allowDoubleEscaping="true">

• Allow or disallow specific file extensions and verbs

  • <add fileExtension=".exe" allowed="false" />

• DenyURLSequences

  • <add sequence="./" />
  • <add sequence="/." />

• RequestLimits

  • maxAllowedContentLength="1000000"
  • maxUrl="260"
  • maxQueryString="2048"

• Simplified content synchronization

• Reduced H/W footprint (potentially less cost)

  • Common industry pain point

• Fewer off-box calls to back end dependencies
• Significant performance gains
• Simple WCAT (Web Capacity Analysis Tool) Stress Test against www.microsoft.com/en/us/default.aspx

Not appropriate for all applications (e.g., not effective for those with very personalized output)