ALTE DOCUMENTE
|
||||||||
|
Microsoft Windows Server 2003 Deploying Internet Information Services (IIS) 6.0 |
A Resource Kit Publication
|
Microsoft Corporation |
Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation.
2003 Microsoft Corporation. All rights reserved.
Active Directory, ActiveX, FrontPage, JScript, Microsoft,
Microsoft Press, MS, MSDN, MS-DOS, Notepad, SQL Server, Visual Basic, Visual
Studio, Windows, Windows Media, Windows NT, and Win32 are registered
trademarks of Microsoft Corporation in the
Microsoft may have patents or pending patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. The furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property rights except as expressly provided in any written license agreement from Microsoft.
IBM is a registered trademar 16216g63q k of International Business Machines Corporation.
NetWare is a registered trademar 16216g63q k of the Novell Corporation.
Apple and Macintosh are registered trademar 16216g63q ks of the Apple Corporation.
ActivePerl is a registered trademar 16216g63q k of the ActiveState Corporation.
|
Document No. X09-16204 Printed in the |
|
Contents at a glance |
INTRODUCTION xix
CHAPTER 1 Overview of Deploying IIS 6.0 1
CHAPTER 2 Deploying ASP.NET Applications in IIS 6.0 15
CHAPTER 3 Securing Web Sites and Applications 41
CHAPTER 4 Ensuring Application Availability 107
CHAPTER 5 Upgrading an IIS Server to IIS 6.0 137
CHAPTER 6 Migrating IIS Web Sites to IIS 6.0 197
CHAPTER 7 Migrating Apache Web Sites to IIS 6.0 269
APPENDIX A IIS Deployment Procedures 311
APPENDIX B Changes to Metabase Properties in IIS 6.0 395
GLOSSARY 399
INDEX 425
|
Contents |
INTRODUCTION xix
Deployment Kit Compact Disc xx
Document Conventions xxi
Support Policy xxv
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_INT.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_NET.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_SEC.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_EAS.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_UPG.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_MEI.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_MEA.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_DEP.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_MPC.doc \* MERGEFORMAT
RD C:\\IIS6.0_Resource_Kit\\Deployment_Guide\\FINAL_HANDOFF\\iisDG_GLO.doc \* MERGEFORMAT
CHAPTER 1 Overview of Deploying IIS 6.0 1
Overview of Deploying an IIS 6.0 Web Server
Process for Deploying an IIS 6.0 Web Server
Deploying a New IIS 6.0 Web Server
Upgrading and Migrating a Server to IIS 6.0
Overview of IIS 6.0
IIS 6.0 Benefits and Features
Internet and Intranet Applications on IIS 6.0
Determining Application Compatibility with IIS 6.0
Moving from IIS 5.0 Isolation Mode to Worker Process Isolation Mode
Reviewing Application Isolation Modes
Benefits of Moving to Worker Process Isolation Mode
Security Enhancements
Performance and Scaling Enhancements
Availability Enhancements
CHAPTER 2 Deploying ASP.NET Applications in IIS 6.0
Overview of Deploying ASP.NET Applications in IIS 6.0
Process for Deploying ASP.NET Applications in IIS 6.0
Deploying the Web Server
Installing Windows Server 2003
Installing and Configuring IIS 6.0
Enabling ASP.NET in the Web Service Extensions List
Installing ASP.NET Applications
Creating Web Sites and Virtual Directories for each ASP.NET Application
Creating Web Sites and Home Directories
Creating Virtual Directories
Copying ASP.NET Application Content
Enabling Common Storage for
Selecting the Method for Maintaining and
Storing
ASP.NET Session State
Configuring
Configuring
Configuring Encryption and Validation Keys
Configuring ASP.NET Applications to Use
the
Appropriate Session State
Securing the
Completing the ASP.NET Application Deployment
Ensuring the Security and Availability of ASP.NET Applications
Verifying That the ASP.NET Applications Were Deployed Successfully
Backing Up the Web Server
Enabling Client Access
Additional Resources
CHAPTER 3 Securing Web Sites and Applications
Overview of the Securing Web Sites and Applications Process
Process for Securing Web Sites and Applications
Reducing the Attack Surface of the Web Server
Enabling Only Essential Windows Server 2003 Components and Services
Enabling Only Essential IIS Components and Services
Enabling Only Essential Web Service Extensions
Enabling Only Essential MIME Types
Configuring Windows Server 2003 Security Settings
Preventing Unauthorized Access to Web Sites and Applications
Storing Content on a Dedicated Disk Volume
Setting IIS Web Site Permissions
Setting IP Address and Domain Name Restrictions
Setting NTFS Permissions
Isolating Web Sites and Applications
Evaluating the Effects of Impersonation on Application Compatibility
Identifying the Impersonation Behavior for ASP Applications
Selecting the Impersonation Behavior for ASP.NET Applications
Configuring Web Sites and Applications for Isolation
Configuring User Authentication
Configuring Web Site Authentication
Selecting a Web Site Authentication Method
Configuring the Web Site Authentication Method
Configuring FTP Site Authentication
Encrypting Confidential Data Exchanged with Clients
Using SSL to Encrypt Confidential Data
Using IPSec or VPN with Remote Administration
Maintaining Web Site and Application Security
Obtaining and Applying Current Security Patches
Enabling Windows Server 2003 Security Logs
Enabling File Access Auditing for Web Site Content
Configuring IIS Logs
Reviewing Security Policies, Processes, and Procedures
Additional Resources
CHAPTER 4 Ensuring Application Availability
Overview of the Ensuring Application Availability Process
Process for Ensuring Application Availability
Establishing Application Availability Goals
Setting Service Availability Goals
Setting Request-Handling Goals
Configuring IIS 6.0 for Optimum Availability
Isolating Applications
Determining the Application Isolation Needs of Your Server
Creating Application Pools and Assigning Applications to Them
Recycling Worker Processes
Recycling by Elapsed Time 121
Recycling by Number of Requests
Recycling at Scheduled Times
Recycling on a Virtual-Memory Threshold
Recycling on a Used-Memory Threshold
Tuning Performance
Configuring Idle Time-out for Worker Processes
Configuring a Request Queue Limit
Configuring Web Gardens
Setting Processor Affinity on Servers with Multiple CPUs
Managing Application Pool Health
Configuring Worker Process Pinging
Configuring Rapid-Fail Protection for Worker Processes
Configuring the Startup Time Limit for Worker Processes
Configuring the Shutdown Time Limit for Worker Processes
Enabling Debugging for Application Pool Failures
Configuring Application Pool Identity
Testing Applications for Compatibility
Testing Applications for Compatibility with IIS 6.0
Testing Applications for Functional Compatibility with IIS 6.0
Additional Resources
CHAPTER 5 Upgrading an IIS Server to IIS 6.0
Overview of Upgrading an IIS Server to IIS 6.0
Process for Upgrading an IIS Server to IIS 6.0
Preparing to Upgrade
Determining Compatibility with Windows Server 2003
Identifying and Compensating for Changes to IIS6.0
Ensuring That the WWW Service is Enabled After Upgrade
Compensating for Changes to IIS Components
Determining Application Compatibility with
Worker Process Isolation Mode
Evaluating the Benefits of Worker Process Isolation Mode
Evaluating Application Changes Required
for
Worker Process Isolation Mode
Evaluating Management and Provisioning
Script Changes
Required for Worker Process Isolation Mode
Verifying Application Compatibility with
Worker Process Isolation Mode in a Lab
Determining Application Compatibility with the .NET Framework
Performing the Upgrade
Backing Up the Server
Verifying That Clients Are Not Accessing Web Sites
Preventing the WWW Service from Being Disabled
Modifying the Registry or Unattended Setup Script
Running the IIS Lockdown Tool
Upgrading the Server to IIS 6.0
Verifying That the Operating System Upgrade Was Successful
Backing Up the IIS 6.0 Metabase
Converting to Worker Process Isolation Mode
Documenting the Current Application Isolation Settings
Configuring IIS 6.0 to Run in Worker Process Isolation Mode
Configuring Application Isolation Settings
in
Worker Process Isolation Mode
Example: Converting to Worker Process Isolation Mode
Configuring IIS 6.0 Properties
Enabling the WWW Service
Configuring Web Service Extensions
Configuring MIME Types
Modifying References to IIS 6.0 Metabase Properties
Upgrading FrontPage Extended Web Sites
Determining Whether to Run the IIS Lockdown Tool and UrlScan
Making Security-Related Configuration Changes
Enabling Essential IIS Components and Services
Removing Unnecessary IIS Virtual Directories
Configuring the Anonymous User Identity
Configuring IIS 6.0 to Host ASP.NET Applications
Configuring IIS 6.0 to Use the Correct Version of the .NET Framework
Configuring the .NET Framework
Reviewing
How ASP.NET Applications Run In Each
Application Isolation Mode
Migrating
Machine.config Attributes to
IIS 6.0 Metabase Property Settings
Migrating Recycling-Related Attributes
Migrating Performance-Related Attributes
Migrating Health-Related Attributes
Migrating Identity-Related Attributes
Completing the Upgrade
Verifying That the Web Sites and Applications Run Properly
Backing Up the Server
Enabling Client Access
Additional Resources
CHAPTER 6 Migrating IIS Web Sites to IIS 6.0
Overview of Migrating IIS Web Sites to IIS 6.0
Process for Migrating IIS Web Sites to IIS 6.0
Preparing for Migration
Identifying Which Web Site and Application Components to Migrate
Determining Compatibility with Windows Server 2003
Determining Application Compatibility with
Worker Process Isolation Mode
Evaluating the Benefits of Worker Process Isolation Mode
Evaluating Application Changes Required
for
Worker Process Isolation Mode
Evaluating Management and Provisioning
Script Changes Required for
Worker Process Isolation Mode
Verifying Application Compatibility with
Worker Process Isolation Mode in a Lab
Determining Application Compatibility with the .NET Framework
Selecting a Migration Method
Identifying the Role of the IIS 6.0 Migration Tool
Migration Tasks That Are Automated by the IIS 6.0 Migration Tool
Migration Tasks That Must Be Completed Manually
Deploying the Target Server
Installing Windows Server 2003
Installing and Configuring IIS 6.0
Migrating Web Sites with the IIS 6.0 Migration Tool
Installing the IIS 6.0 Migration Tool
Verifying That Clients Are Not Accessing Web Sites
Running the IIS 6.0 Migration Tool
Verifying That the IIS 6.0 Migration Tool Ran Successfully
Migrating Additional Web Site Content
Migrating
Content Located Outside the
Home Directory of the Web Site
Migrating Content Located in Virtual Directories
Modifying
IIS 6.0 Metabase Properties That Reference the
Systemroot Folder
Migrating Web Sites Manually
Verifying
That Clients Are Not Accessing Web Sites Before a
Manual Migration
Creating Web Sites and Virtual Directories
Creating Web Sites and Home Directories on the Target Server
Creating Virtual Directories
Migrating Web Site Content
Configuring Web Site Application Isolation Settings
Documenting the Current Application
Isolation Settings on the
Source Server
Configuring Application Isolation Settings in IIS 5.0 Isolation Mode
Configuring Application Isolation Settings
in
Worker Process Isolation Mode
Configuring IIS 6.0 Properties
Configuring IIS 6.0 Properties That Reference Local User Accounts
Configuring Web Service Extensions
Configuring MIME Types
Migrating Server Certificates for SSL
Migrating FrontPage Users and Roles
Configuring IIS 6.0 to Host ASP.NET Applications
Configuring IIS to Use the Correct Version of the .NET Framework
Configuring the .NET Framework
Reviewing
How ASP.NET Applications Run in Each
Application Isolation Mode
Migrating
Machine.config Attributes to
IIS 6.0 Metabase Property Settings
Determining Whether to Run the IIS Lockdown Tool and UrlScan
Performing Application-Specific Migration Tasks
Modifying
Application Code for Compatibility with
Windows Server 2003 and IIS 6.0
Modifying
References to Windows Platform Components and
APIs No Longer Supported in Windows Server 2003
Modifying References to IIS 6.0 Metabase Properties
Modifying
Applications To Be Compatible with
Worker Process Isolation Mode
Installing Additional Software Required by Applications
Migrating MTS Packages, COM Objects, and COM+ Applications
Modifying ODBC Data Connection Strings and DSNs
Creating IP Addresses That Are Used by Applications
Creating Users and Groups That Are Used by Applications
Creating Registry Entries for Applications
Completing the Migration
Verifying That the Web Sites and Applications Migrated Successfully
Backing Up the Target Server
Enabling Client Access
Additional Resources
CHAPTER 7 Migrating Apache Web Sites to IIS 6.0
Overview of Migrating Apache Web Sites to IIS 6.0
Process for Migrating Apache Web Sites to IIS 6.0
Preparing for Migration
Determining Web Site Compatibility with IIS 6.0
Determining
Web Site Compatibility with
Worker Process Isolation Mode
Identifying the Role of the Migration Tool
Selecting a Migration Tool Installation Option
Source Server Installation Option
Target Server Installation Option
Intermediate Computer Installation Option
Deploying the Target Server
Installing Windows Server 2003
Installing IIS 6.0
Configuring the FTP Service
Performing the Migration
Installing the Migration Tool
Installing the Migration Tool on Computers Running Linux
Installing the Migration Tool on Computers Running Windows
Configuring the Target Server for Migration
Verifying that Clients Are Not Accessing Web Sites
Migrating Web Site Content
Migrating Web Site Configuration
Recovering from an Interruption in the Migration Process
Determining Cause of and Resolving Errors
Restarting the Migration Tool in Recovery Mode
Migrating Apache-Specific Extensions
Migrating Dynamic Content
Migrating Database Content and Connectivity
Migrating the Database Content
Migrating the Database Connectivity
Migrating External Modules
Configuring IIS 6.0
Configuring Web Service Extensions
Configuring MIME Types
Configuring Web Site Properties
Configuring Server Certificates for SSL
Backing Up the Target Server
Enabling Client Access After Migration
Additional Resources
APPENDIX A IIS Deployment Procedures
Assign Additional IP Addresses to a Network Adapter
Assign a Server Certificate to a Web Site
Back Up and Restore Registry Entries
Back Up and Restore the IIS Metabase
Back Up and Restore the Web Server to a File or Tape
Configure an ASP.NET Application for ASP.NET
Configure Anonymous User Identity
Configure a Web Site to be FrontPage Extended
Configure Application Identity for IIS 5.0 Isolation Mode 323
Configure Application Isolation Modes
Configure Application Isolation Settings for IIS 5.0 Isolation Mode
Configure Application Pool Health
Configure Application Pool Identity
Configure Application Pool Performance
Configure Application Pool Recycling
Configure FrontPage Server Roles
Configure FTP Server Authentication
Configure IIS Components and Services
Configure IP Address Assigned to Web Sites
Configure IP Address and Domain Name Restrictions
Configure MIME Types
Configure NTFS Permissions
Configure the State Service on the
Configure the Registry
Configure the Web Site Identification Number
Configure Web Server Authentication
Configure Web Service Extensions
Configure Web Site Permissions
Configure Windows Server 2003 Services
Convert Existing Disk Volumes to NTFS
Create a Service Account
Create A SQL Server Database for Storing
Create a Virtual Directory
Create a Web Site
Debug Application Pool Failures
Determine Web Sites Uniquely Identified by IP Addresses
Disable Network Adapters
Enable ASP.NET
Enable Logging
Enable Network Adapters
Enable Security Auditing
Enable the WWW Service After Upgrade
Enable Web Site Content Auditing
Export a Server Certificate
Gather and Display WWW Service Uptime Data
Grant User Rights to a Service Account
Install a Server Certificate
Install IIS 6.0
Install Subauthentication
Isolate Applications in Worker Process Isolation Mode
Make
a Service Account a Member of the
Local Administrators Group
Migrate CDONTS
Modify the IIS Metabase Directly
Monitor Active Web and FTP Connections
Pause Web or FTP Sites
Publish Web Site Content with FrontPage
Remove Virtual Directories
Request a Server Certificate
Secure the Root Folder of Each Disk Volume
Secure Windows Server 2003 Built-in Accounts
Set Processor Affinity
Stop the WWW Service
Upgrade FrontPage Extended Web Sites
View Application Isolation Configuration
View Web Site and Application Process Identities
APPENDIX B Changes to Metabase Properties in IIS 6.0
GLOSSARY
INDEX
Acknowledgments
Microsoft would like to thank the following people for their contributions:
Book Lead: Sharon Slade
Writers: Doug Steen, John Meade, Suzanne Girardot
Book Editor: Lara Ballinger
Editors: Lara Ballinger, Jim Becker, Bonnie Birger, Laura Graham, Janet Micka, Scott Turnbull
Documentation Managers: Pilar Ackerman, Louise Rudnicki
Editing Managers: Laura Graham, Jay Schram, Ken Western
Lab Management: Brent Hatfield, David Meyer, Shaun Searcy, Robert Thingwold, Todd Bryan-White, Frank Zamarron
Project Managers: Clifton Hall, Paulette McKay
Online Components Writer: Melissa Pearlstein
Online Components Editing Team: Nona Allison, Lara Ballinger, Ann Becherer, Janet Micka, Anika Nelson, Dee Teodoro
IIS Resource Kit Tools Program Manager: Alexis Eller
Publishing Team: Eric Artzt, Jon Billow, Chris Blanton, Eric Camplin, Marina Hayrapetyan, Jason Hershey, Heather Klauber, Richard Min, Patrick Ngo, Rochelle Parry, Mark Pengra, Steve Pyron, Ben Rangel, Gino Sega, Amy Shear, Karla van der Hoeven, Gabriel Varela, Erica Westerlund, Matt Winberry
Indexing Team: David Pearlstein, Lee Ross, Tony Ross
Technical Reviewers: Chris Achille, Chris Adams, Faith Allington, Brett Brewer, Jim Brotherton, Steve Connor, Bruno K. Da Costa, Andrew Cushman, Eric Deily, Thomas Deml, Cindy Du, Bhavesh Doshi, Wade Hilmo, Chad Hilton, Jeff Johnson, Jeff Kercher, Dan Kahler, Emily Kruglick, Wynne Leon, Vikas Malhotra, Bradley Millington, Asim Mitra, Andy Morrison, Erik Olsen, Ram Papatla, Anil Ruia, Stephane Saunier, Peter Schenk, Jemearl Smith, Bill Staples, Jeff Stucky, Anuraag Tiwari, David Wang, Ivo Zheglov
Special thanks to Martin DelRe and Bill Staples for their support and sponsorship. Without their contribution, the publication of this kit would not have been possible.
|
