Thursday, February 26, 2009

About IIS 7.0 on Server Core Installations

IIS 7.0 Server Core

Updated: February 16, 2009

Server Core, the minimal server installation option for Windows Server® 2008, is available in Standard, Enterprise, and Datacenter editions. It supports a subset of the server roles available in full installations of the operating system; this subset includes the Internet Information Services (IIS) 7.0 Web Server. In a Server Core installation, only the services, roles, and features required for an installed role are installed. Since IIS 7.0 componentized architecture enables seamless integration with Server Core’s lean, configurable operating system, it makes the combination of Server Core and the IIS 7.0 Web Server the ultimate small-footprint Web server.

Running IIS 7.0 on Server Core provides a modular, customizable Web server on a thin server operating system. This makes it great for appliance-like environments, Web farm front-end servers, and Web sites, or applications that require minimal maintenance.

About IIS 7.0 on Server Core Installations

Running IIS on Server Core installations provides several key benefits. These benefits include the following:

  • Minimizing disk space and RAM requirements.
  • A small surface area that is less vulnerable to malicious attacks.
  • Fewer components to service, manage, and troubleshoot.

Server Core’s small footprint makes IIS running on Server Core lean and efficient; however, it also means that some IIS features found in full Windows Server installations are not available, for example:

  • Server Core has a limited graphical eser interface (GUI) that does not include the Windows Shell, so most operations require the use of the command-line interface. Because of this, IIS Manager and the other IIS administration tools are not available.
  • The Microsoft® .NET Framework is not available on Server Core installations; consequently, Microsoft® ASP.NET is also not available. However, ASP.NET is scheduled to be available as an optional configuration component for Server Core in Windows Server® 2008 R2.
  • The HTTP remote administration service relies on the .NET Framework so that it is also unavailable in an IIS installation that runs on Server Core. However, delegated administration through distributed Web.config files is supported. Therefore, users who have access to a content directory can publish IIS configuration settings for their Web sites or applications by using delegated administration and Web.config.
  • The ServerManagerCMD utility for installing viewing, adding, removing, and configuring server roles on full installations of Windows Server 2008 has been replaced by the OCLIST and OCSETUP command line utilities on Server Core.

Windows Server 2008 Server Core installations that run IIS 7.0 support several installation options including:

  • As a static content Web server that can serve HTML files, documents, and images.
  • With classic ASP support for processing server-side scripted ASP pages together with static content. The Classic ASP server configuration adds IIS modules for ASP, Request Filtering, and ISAPI extensions to the default Web server installation.
  • With CGI and ISAPI support for processing ISAPI extensions or Common Gateway Interface (CGI) programs.
  • With FastCGI support for processing languages that support FastCGI such as PHP.

Using IIS 7.0 on Server Core Installations

Because Server Core installations have a limited graphical user interface (GUI), options for installing, configuring, and managing IIS locally are primarily limited to the command-line interface (CLI). However, some useful GUI tools are included such as Task Manager, the Date and Time Control Panel, the Regional Settings Control Panel, and Windows Notepad. Aside from the lack of GUI management tools, all other features of IIS 7.0 on a Server Core installation operate as they ordinarily do on full installations of Windows Server 2008.

Managing IIS 7.0 on Server Core Locally

Despite the lack of a GUI, Server Core installations provide many utilities that help perform and automate server management tasks from the CLI. Options for installing, configuring, and, managing IIS locally from the CLI include the following:

  • The OCList command-line utility lists the server roles and optional features that are available for use with Ocsetup.exe, in addition to the roles and optional features that are currently installed.
  • OCSETUP is another command-line utility for viewing, adding, removing, and configuring server roles. OCSETUP can be used to add and remove server roles, and also to install and uninstall IIS components.
  • The IIS 7.0 command-line tool (AppCmd.exe) for configuring and managing server functionality.
  • A Windows® Management Instrumentation (WMI) provider with classes, methods, and properties used to configure IIS from scripts or executables.
  • The ApplicationHost.AdminManager (AHAdmin) COM application programming interfaces that are used to manipulate top-level server management objects and their properties.

Additionally, because IIS configuration information is stored in XML format, Windows Notepad can be used to edit configuration files.

Managing IIS 7.0 on Server Core Remotely

Server Core can be configured and managed from a remote computer by using Remote Desktop Protocol (RDP). Options for remotely configuring and managing IIS on a Server Core installation include the following:

  • Windows Remote Manager (WinRM) scripting objects, the WinRM command-line tool, or WinRS, the Windows Remote Shell command-line tool, can be used to run AppCmd.exe.
  • AppCmd.exe can also be used from the CLI by using Terminal Server and the Microsoft Management Console (MMC).
  • PowerShell with MWA Microsoft Web Administration (MWA), a managed code API for configuring and managing IIS 7.0.
  • WMI Scripts running from PowerShell or from the CLI by using Terminal Server.

Considerations for running IIS 7.0 on Server Core

Following is a list of items to consider when you deploy IIS on Server Core or migrate sites and applications from full Windows Server installations to Server Core installations:

  • Remove all .NET Framework dependencies.
  • Use OCSetup to remove unnecessary modules and reduce the server’s attack surface.
  • Always test applications after you add or remove modules.
  • Install security modules such as Request Filtering and URL authorization.
  • Enable and use features such as Failed Request Tracing to diagnose problems.
  • Design management tools to run remotely or automatically by using scripts that run without user interaction.
  • Remove prompts, such as "Press any key to continue,” especially those that are used with WS-Management and Windows Remote Shell.

Additional Resources

Additional resources for learning more about Server Core installations include the following:

Additional resources for learning more about how to run IIS 7.0 on Server Core installations include the following:

Additional resources for learning more about scripts and tools that are used to configure and manage IIS 7.0 on Server Core installations include the following:

 

No comments:

Post a Comment