Exchange SQL And IIS- P144 pptx
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (256.29 KB, 5 trang )
692 Chapter 12 • Getting Started with IIS 7.0
IIS 6.0 versus IIS 7.0: The Delta
IIS 6.0 was a monumental step forward for the Web platform for Windows. At the highest priority
stood security, followed by reliability and scalability. With IIS 7.0, Microsoft stood true to all of these
important areas and delivered a rock-solid product; however, as with any release, there is still room for
improvement. The following sections help us to understand the differences between IIS 6.0 and IIS
7.0, why changes were made, and what the benefi ts are for customers.
The major differences between IIS 6.0 and IIS 7.0 are:
■
A modular core server consisting of simplifi ed setup and a unifi ed pipeline for request
execution
■
An all new delegatable, distributable confi guration system allowing non-administrators as
well as non-Windows credentials access to Web server confi guration
■
A completely rewritten IIS Manager that is task-oriented and extensible
■
An extensible WMI provider that offers native access to the new confi guration
as well as access via Windows PowerShell
■
A single, all-inclusive, command-line utility called AppCmd.exe that simplifi es
access to confi guration and state information (done in individual VBS fi les
with IIS 6.0)
■
An IIS and ASP.NET diagnostics engine that is extensible and allows granular access
to runtime-specifi c information about requests
■
A brand-new Failed Request Tracing feature to identify causes of request failures
Modular Core Server
The biggest change in architecture between IIS 6.0 and IIS 7.0 is the modular core server.
Remember that the core server in IIS 6.0 was monolithic and its installation was all or none.
In IIS 7.0 all of that changes. Figure 12.11 is a diagram of the modular core server in IIS 7.0.
As mentioned earlier, the new modular core allows administrators to load only what they
need. Figure 12.12 shows that modules can be completely uninstalled from the server at
any time.
Getting Started with IIS 7.0 • Chapter 12 693
Because of the changes made to the core server in IIS 7.0, the memory footprint is smaller and
the risk of loading unused code and it being available for exploitation is removed, along with
achieving better performance. The ability to customize server workload will reduce its attack surface.
Patching requirements are also minimized. When a patch was released in the IIS 6.0 monolithic
model, the entire core was re-done and sent out. Now only those modules that require patching will
receive them.
Figure 12.11 IIS 7.0 Modular Server Core
694 Chapter 12 • Getting Started with IIS 7.0
The new extensible APIs are a big improvement over the previous ISAPI model. Practically every
aspect of IIS provides extensibility, thus allowing developers to tailor the server to meet their own
needs, regardless of whether they use managed or native code. The new modular architecture has
allowed Microsoft to eliminate duplication, and as such, IIS 7.0 has a single pipeline for all code
regardless if whether it’s managed or native code.
Figure 12.12 IIS 7.0 Module Selection
NOTE
IIS 7.0’s new native API still requires users to know C\C++. Microsoft offers an
additional capability by allowing a developer to use managed code to interact
with the server.
Getting Started with IIS 7.0 • Chapter 12 695
Delegation: Less Is Often Better
In IIS 6.0, for a user to do any tasks on the server required administrative rights, which were a
security nightmare for server administrators. Now with IIS 7.0, administrators are able to delegate
tasks to users without leaving the door wide open. In IIS 7.0, administrators can delegate features in
IIS Manager to Web site and Web application administrators, allowing them to manage their sites and
applications remotely without having administrative access to the server.
BEST PRACTICES ACCORDING TO MICROSOFT
Microsoft recommends a strategy of starting with the minimum rights and working
up. It does not recommend opening rights up completely and later locking them
down. Doing so could cause applications to become unstable.
SOME INDEPENDENT ADVICE
Delegation creates a new culture in IT. When Active Directory came out, the ability to
delegate administrative tasks to users was possible. For users who had administrator
rights before delegation, it was considered a slap in the face. They felt as though
they were no longer trusted. Although delegation is a great security tool, be
prepared for the human factor, especially from those who used to have full
administrative rights.
Server administrators still have complete control over what management features are delegated to
application owners.
■
Feature Delegation The ability to confi gure which features of a Web site or application
to delegate to Web site and application administrators. Provides the ability to delegate
control of specifi c features to site or application administrators without having to provide
them with full administrative control of the server.
■
Administrators This feature allows server administrators the ability to create site and
application administrators. Server administrators include both the local server’s
administrators group and the members of the Domain Administrators group.
■
Management Service A management service for IIS 7.0 that enables server, site, and
application administrators the ability to connect to IIS 7.0 remotely using IIS Manager. It
also allows site and application administrators the ability to connect to IIS 7.0 on the server
locally, when they are a member of a Windows group.
Figure 12.13 shows the Feature Delegation screen from within the new IIS Manager.
696 Chapter 12 • Getting Started with IIS 7.0
Improved User Interface for Users,
Partners, and Microsoft
The interface in IIS has changed in version 7.0. It has become more task-oriented, helping
administrators do exactly what they want, and not forcing them to search for the correct tab or
control button. IIS Manager is extensible as is the rest of IIS 7.0. It allows you to administer most of
the features in IIS 7.0 and monitor the server’s operation. Administrators can manage both IIS and
ASP.NET confi guration settings, membership and user data, and runtime diagnostic information.
As seen in the previous section, the new interface can also be used to enable delegation. The new
IIS Manager can remotely manage servers via Hypertext Transfer Protocol Secure sockets (HTTPS),
therefore making remote management more secure friendly and not forcing IT administrators to
open additional ports on fi rewalls. The ports for HTTPS (443), which are required for remote IIS
Figure 12.13 Feature Delegation in IIS Manager
