Managing Web Server Modules in Internet Information Services (IIS) 7.0
Extensibility in IIS 7.0
On the Microsoft Internet Information Services (IIS) 7.0 team, there is a running joke that every release of IIS has to be a complete rewrite of the previous version. However, when looking at the history of the product, there have been strong reasons behind each of the rewrites. IIS 6.0, which was shipped with Windows Server 2003, was a complete rewrite of Windows XP’s IIS 5.1, in the wake of the infamous Code Red and Nimda security exploits that plagued it in the summer of 2001. The rewrite, focused on producing an extremely reliable, fast, and secure Web server, was an overwhelming success—as evidenced by the rock-solid reliability and security track record of IIS 6.0 to date.
IIS 7.0 is again a major rewrite of the Web server, but this time for a different reason—to transform the reliable and secure codebase of IIS 6.0 into a powerful next-generation Web application platform. To achieve this, the IIS 7.0 release makes a huge investment in providing complete platform extensibility. The result? The most full-featured, flexible, and extensible Web server that Microsoft has ever released.
The extensible architecture of IIS 7.0 is behind virtually all of the critical platform improvements delivered in this release. Almost all functionality of the Web server, starting with the run-time Web server features and ending with configuration and the IIS Manager features, can be removed or replaced by third parties. This enables customers to build complete end-to-end solutions that deliver the functionality needed by their applications.
What’s more, IIS 7.0’s very own feature set is built on top of the same extensibility model third parties can take advantage of to further customize the server. This is a key concept, because it ensures that the extensibility model available to third parties is at least powerful and flexible enough to build any of the features that come in the box. It also provides a unified way to think about and manage Web server features, whether it be IIS 7.0 built-in features or those provided by third parties. This is the heart of the modularity of IIS 7.0. This modularity, together with the power of the extensibility model, enables you to turn your Web server into an efficient, specialized server that does exactly what you need and nothing more.
With IIS 7.0, you can for the first time:
Build a low-footprint, reduced attack surface area Web server optimized for a specific workload.
Replace any built-in feature with a custom feature developed in-house or by a third-party independent software vendor (ISV).
Build complete end-to-end solutions that integrate seamlessly into the Web server, including request processing functionality, configuration, diagnostics, and administration.
Though traditionally topics concerning extensibility have been reserved mostly for developer audiences, with IIS 7.0, they become a critical component of deploying and operating the Web server. Thus, they necessitate a solid level of know-how from the IT staff. The ability to properly deploy, configure, tune, and lock down the feature set that comprises the Web server is critical to achieving a functional, scalable, and secure IIS production environment. Properly taking advantage of the flexibility IIS 7.0 offers can allow you to reap huge benefits in achieving small-footprint, fast, and secure Web server deployments. On the other hand, the complexity introduced by this same flexibility must be managed correctly, so that you can guarantee proper operation and reduce the total cost of ownership for your Web server farm.
This chapter takes the IT professional’s perspective on the end-to-end extensibility platform provided by IIS 7.0. In this chapter, you will learn how to manage the modular feature set in IIS 7.0 to provide for an efficient, reliable, and secure IIS environment.
IIS 7.0 Extensibility Architecture at a Glance
The IIS 7.0 Web server platform is a complex system, including a number of parts necessary to operate, manage, and support Web applications running on top of it. This includes the Web server itself, the configuration system that supports the Web server and its features, the administration stack that provides an object model for managing the server, run-time state reporting application programming interfaces (APIs), and several management tools and APIs that expose the configuration and administration functionality to the user. Each of these subsystems provides a public extensibility layer and surfaces built-in functionality as modular components built on top of it. This design supports both server specialization as well as complete server customization via third-party additions or replacements to the built-in feature set. Figure 12-1 shows an overview of the extensibility architecture.
The main extensibility point lies in the Web server engine, which supports receiving HTTP requests, processing them (often with the help of application frameworks such as ASP.NET or PHP), and returning responses to the client. This is where most of the magic happens—IIS 7.0 ships with more than 40 Web server modules, which are responsible for everything from authentication, security, and response compression to performance enhancements and support for application frameworks such as ASP. These modules leverage one of the two run-time extensibility models provided by IIS 7.0—the new C++ core extensibility model or the integrated ASP.NET extensibility model—both of which provide the flexibility to replace any built-in IIS 7.0 functionality or add new functionality of their own.
Figure 12-1 IIS 7.0 extensibility across the Web server, configuration system, and IIS Manager.
However, as you know, IIS is more than just a run time for processing requests. It also provides a brand new distributed configuration system for configuring the functionality of the Web server and its modules, with many features designed to simplify configuration, allow delegated configuration for non-administrators, and enable xcopy-based deployment of configuration settings with applications. In the face of increasing Web server complexity, the configuration system is more critical than ever before, and it is required to support the multitude of unique configurations and operational requirements of modern applications.
The IIS 7.0 team designed its configuration system to meet many of these challenges and to allow third-party solutions to do so by leveraging configuration extensibility. Just like the Web server features themselves, the configuration components leverage the same configuration extensibility layer that can be used to create custom configuration for third-party Web server modules. This means that any custom Web server module can easily expose its own configuration settings, which can then be stored in the same configuration files and managed with the same standard APIs and tools that are used with the rest of the IIS 7.0 configuration.
In addition to static file-based configuration, IIS 7.0 provides support for administration objects, which enable dynamic configuration or management functionality to be exposed through the IIS 7.0 configuration object model. This enables new IIS management objects to be added or custom management functionality to be exposed on existing IIS objects, such as the site or application pool object, and consumed by the standard APIs and tools. Again, the administration stack is extensible, and IIS administration objects leverage that very extensibility model themselves.
Finally, IIS Manager (which replaces the old Microsoft Management Console-based InetMgr.exe) provides its own extensibility to enable graphical user interface (GUI) management pages to be added into IIS Manager, thus benefiting from the navigation, delegation, and remote management capabilities.
Together, these extensibility mechanisms provide the foundation for end-to-end solutions that can be developed on IIS 7.0, where custom Web server features can also expose custom configuration and management functionality, as well as a GUI administration experience with IIS Manager.
The modular architecture serves as the foundation for many of the exciting new capabilities in IIS 7.0, from the ability to create specialized servers to securing and tuning server performance. However, it also exposes a fair amount of complexity to the administrator, which must be managed to harness the benefits of componentization. This moves the task of planning and managing extensibility to the IT domain, rather than being a developer-only task, as it has often been in the past. With this in mind, this chapter focuses on the key tasks around managing extensibility, rather than the information about developing extensibility components.
The first topic of interest is of course installing the extensibility components so that you can begin using them on the server. The built-in IIS 7.0 features are fully integrated with Windows Setup and can be installed using Server Manager on Windows Server 2008 and the Turn Windows Components On And Off UI on Windows Vista (you can learn more about this in Chapter 5, “Installing IIS 7.0”). Windows Setup implements all the information necessary to install and configure these components by using the IIS 7.0 configuration APIs. As such, these components typically do not require any additional work to be installed, although in some cases they may require additional configuration to control their availability to specific applications on the server.
However, this is not so for third-party components developed by ISVs or your own in-house development team. Without the support of Windows Setup, third-party components must be installed using the IIS 7.0 configuration directly. In doing so, it is often necessary to consider deployment and installation options that suit your component. In fact, because the ability to customize and tailor IIS 7.0 to the specific application solutions often relies on leveraging its modularity, the ability to properly install IIS 7.0 extensibility components and manage the enabled feature set on the server becomes critically important. Thankfully, IIS 7.0 provides a number of management tools that can be used to perform the installation tasks, and so armed with the proper know-how, you can become a pro at deploying IIS 7.0 extensibility. To that end, this chapter describes how to install and manage enabled Web server modules. You can learn how to manage configuration and IIS Manager extensions in Chapter 13, “Managing Configuration and User Interface Extensions.”
After covering initial deployment, you will also review common configuration and management tasks for each extensibility type. Though not always required, these tasks are often helpful to get your component to do exactly what you want in specific situations, and they include things such as ensuring the correct execution order for your modules and enabling your modules to function correctly in a mixed 32-bit/64-bit environment. These tasks vary between the different extensibility types and are largely based on the developer’s experience developing and using the extensibility layers during the development of IIS 7.0.
IIS 7.0 continues the IIS 6.0 tradition of emphasizing security, providing additional lockdown by default, and introducing new security features to help you further secure your Web server assets. One of the powerful ways to improve your server’s security is to take advantage of componentization and remove all unused components, which will result in the smallest attack surface area possible for your server. When adding new components, then, you need to be aware of the resulting increase in the surface area of your server, and you must understand the security implications of the new code that is now running on your server. Proper understanding of the security impact of Web server components is critical to maintaining a secure operating environment and being able to take advantage of the functionality afforded by IIS 7.0 extensibility without compromising its security.
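The surface-area review described above can be run as a check against the server's module lists. The following is an added example, not code from the book or from IIS: the configuration fragment, the allowlist, ExampleVendorModule with its path, and the function name Get-ModuleAudit are all constructed for illustration.

```powershell
# Constructed sample in the shape of applicationHost.config; not a real server's file.
[xml]$config = @'
<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
      <add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" />
      <add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\authanon.dll" />
      <add name="RequestFilteringModule" image="%windir%\System32\inetsrv\modrqflt.dll" />
      <add name="ExampleVendorModule" image="D:\vendor\example.dll" />
    </globalModules>
    <modules>
      <add name="StaticFileModule" />
      <add name="DefaultDocumentModule" />
      <add name="DirectoryListingModule" />
      <add name="AnonymousAuthenticationModule" />
      <add name="ExampleVendorModule" />
    </modules>
  </system.webServer>
</configuration>
'@

# Hypothetical allowlist for a static-content workload (assumption; adjust per server role).
$allowed = 'StaticFileModule','DefaultDocumentModule','AnonymousAuthenticationModule','RequestFilteringModule'

# Get-ModuleAudit is a hypothetical helper: it reports each installed native module
# that the workload does not need, that loads code from outside inetsrv, or that is
# installed but missing from the enabled <modules> list.
function Get-ModuleAudit {
    param([xml]$Config, [string[]]$Allowed)
    $ws = $Config.configuration.'system.webServer'
    $enabled = @($ws.modules.add | ForEach-Object { $_.GetAttribute('name') })
    foreach ($m in $ws.globalModules.add) {
        $name = $m.GetAttribute('name'); $image = $m.GetAttribute('image')
        $findings = @()
        if ($Allowed -notcontains $name) { $findings += 'not needed by workload' }
        if ($image -notlike '%windir%\System32\inetsrv\*') { $findings += 'image outside inetsrv' }
        if ($enabled -notcontains $name) { $findings += 'installed but not enabled' }
        if ($findings.Count -gt 0) {
            New-Object PSObject -Property @{ Name = $name; Image = $image; Findings = ($findings -join '; ') }
        }
    }
}

Get-ModuleAudit -Config $config -Allowed $allowed | Format-Table Name, Findings -AutoSize
```

On the constructed input, the audit reports DirectoryListingModule as not needed, ExampleVendorModule as both not needed and loaded from outside inetsrv, and RequestFilteringModule as installed but not enabled.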
This chapter will cover what you need to know to securely deploy Web server modules and will review key security tactics you can use to lock down your server. You will also review the specific points to watch out for when configuring a shared hosting server or departmental server, which allows extensibility components to be published by nonadministrators. You can learn about securing configuration and IIS Manager extensions in Chapter 13.