IIS 7.0: Deployment Guide

IIS 7.0: Deployment Guide

Welcome to deploying Internet Information Services (IIS) 7.0.

IIS 7.0 provides the services to support a secure, available, and scalable Web server on which to run your Web sites and applications. This guide provides prescriptive, task-based, and scenario-based guidance to help you design an IIS 7.0 solution that meets the specific needs of your organization. Deployment scenarios include setting up a static content Web server, installing FastCGI for your CGI-based applications such as PHP, using Windows SharePoint Services 3.0 on IIS 7.0, and upgrading to IIS 7.0 on Windows Server® 2008.

This guide contains the following sections:

IIS 7.0: Deploying an IIS 7.0 Web Server

IIS 7.0: Upgrading to IIS 7.0 on Windows Server 2008

 

About IIS 7.0 on Server Core Installations

IIS 7.0 Server Core

Updated: February 16, 2009

Server Core, the minimal server installation option for Windows Server® 2008, is available in Standard, Enterprise, and Datacenter editions. It supports a subset of the server roles available in full installations of the operating system; this subset includes the Internet Information Services (IIS) 7.0 Web Server. In a Server Core installation, only the services, roles, and features required for an installed role are installed. Since IIS 7.0 componentized architecture enables seamless integration with Server Core’s lean, configurable operating system, it makes the combination of Server Core and the IIS 7.0 Web Server the ultimate small-footprint Web server.

Running IIS 7.0 on Server Core provides a modular, customizable Web server on a thin server operating system. This makes it great for appliance-like environments, Web farm front-end servers, and Web sites, or applications that require minimal maintenance.

About IIS 7.0 on Server Core Installations

Running IIS on Server Core installations provides several key benefits. These benefits include the following:

• Minimizing disk space and RAM requirements.
• A small surface area that is less vulnerable to malicious attacks.
• Fewer components to service, manage, and troubleshoot.

Server Core’s small footprint makes IIS running on Server Core lean and efficient; however, it also means that some IIS features found in full Windows Server installations are not available, for example:

• Server Core has a limited graphical eser interface (GUI) that does not include the Windows Shell, so most operations require the use of the command-line interface. Because of this, IIS Manager and the other IIS administration tools are not available.
• The Microsoft® .NET Framework is not available on Server Core installations; consequently, Microsoft® ASP.NET is also not available. However, ASP.NET is scheduled to be available as an optional configuration component for Server Core in Windows Server® 2008 R2.
• The HTTP remote administration service relies on the .NET Framework so that it is also unavailable in an IIS installation that runs on Server Core. However, delegated administration through distributed Web.config files is supported. Therefore, users who have access to a content directory can publish IIS configuration settings for their Web sites or applications by using delegated administration and Web.config.
• The ServerManagerCMD utility for installing viewing, adding, removing, and configuring server roles on full installations of Windows Server 2008 has been replaced by the OCLIST and OCSETUP command line utilities on Server Core.

Windows Server 2008 Server Core installations that run IIS 7.0 support several installation options including:

• As a static content Web server that can serve HTML files, documents, and images.
• With classic ASP support for processing server-side scripted ASP pages together with static content. The Classic ASP server configuration adds IIS modules for ASP, Request Filtering, and ISAPI extensions to the default Web server installation.
• With CGI and ISAPI support for processing ISAPI extensions or Common Gateway Interface (CGI) programs.
• With FastCGI support for processing languages that support FastCGI such as PHP.

Using IIS 7.0 on Server Core Installations

Because Server Core installations have a limited graphical user interface (GUI), options for installing, configuring, and managing IIS locally are primarily limited to the command-line interface (CLI). However, some useful GUI tools are included such as Task Manager, the Date and Time Control Panel, the Regional Settings Control Panel, and Windows Notepad. Aside from the lack of GUI management tools, all other features of IIS 7.0 on a Server Core installation operate as they ordinarily do on full installations of Windows Server 2008.

Managing IIS 7.0 on Server Core Locally

Despite the lack of a GUI, Server Core installations provide many utilities that help perform and automate server management tasks from the CLI. Options for installing, configuring, and, managing IIS locally from the CLI include the following:

• The OCList command-line utility lists the server roles and optional features that are available for use with Ocsetup.exe, in addition to the roles and optional features that are currently installed.
• OCSETUP is another command-line utility for viewing, adding, removing, and configuring server roles. OCSETUP can be used to add and remove server roles, and also to install and uninstall IIS components.
• The IIS 7.0 command-line tool (AppCmd.exe) for configuring and managing server functionality.
• A Windows® Management Instrumentation (WMI) provider with classes, methods, and properties used to configure IIS from scripts or executables.
• The ApplicationHost.AdminManager (AHAdmin) COM application programming interfaces that are used to manipulate top-level server management objects and their properties.

Additionally, because IIS configuration information is stored in XML format, Windows Notepad can be used to edit configuration files.

Managing IIS 7.0 on Server Core Remotely

Server Core can be configured and managed from a remote computer by using Remote Desktop Protocol (RDP). Options for remotely configuring and managing IIS on a Server Core installation include the following:

• Windows Remote Manager (WinRM) scripting objects, the WinRM command-line tool, or WinRS, the Windows Remote Shell command-line tool, can be used to run AppCmd.exe.
• AppCmd.exe can also be used from the CLI by using Terminal Server and the Microsoft Management Console (MMC).
• PowerShell with MWA Microsoft Web Administration (MWA), a managed code API for configuring and managing IIS 7.0.
• WMI Scripts running from PowerShell or from the CLI by using Terminal Server.

Considerations for running IIS 7.0 on Server Core

Following is a list of items to consider when you deploy IIS on Server Core or migrate sites and applications from full Windows Server installations to Server Core installations:

• Remove all .NET Framework dependencies.
• Use OCSetup to remove unnecessary modules and reduce the server’s attack surface.
• Always test applications after you add or remove modules.
• Install security modules such as Request Filtering and URL authorization.
• Enable and use features such as Failed Request Tracing to diagnose problems.
• Design management tools to run remotely or automatically by using scripts that run without user interaction.
• Remove prompts, such as "Press any key to continue,” especially those that are used with WS-Management and Windows Remote Shell.

Additional Resources

Additional resources for learning more about Server Core installations include the following:

• A Beginners Guide to Server Core
• Server Core Installation Option of Windows Server 2008 Step-By-Step Guide
• Functions supported on Server Core installations

Additional resources for learning more about how to run IIS 7.0 on Server Core installations include the following:

• IIS 7.0: Web Server Resources
• Getting Started with IIS on Server Core
• Administering IIS 7.0 on Server Core Installations of Windows Server 2008

Additional resources for learning more about scripts and tools that are used to configure and manage IIS 7.0 on Server Core installations include the following:

• OCSetup Command-Line Options
• Getting Started with AppCmd.exe
• Using WMI to Configure IIS
• Windows Powershell The WMI Connection

 

Windows 2008 Server - IIS 7.0 Resources

IIS 7.0: Web Server Resources

Updated: February 2, 2009

Use the following resources to learn more about Internet Information Services (IIS) 7.0, which is the Web server role in Windows Vista® and Windows Server® 2008.

Evaluation

Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008: Web Server (IIS) Role

Describes the important changes to and functionality available in IIS 7.0.

Overview of Available Features in IIS 7.0

Describes the IIS features that are available in each version of Windows Vista and Windows Server 2008.

Virtual IIS 7.0 Labs

Provides virtual labs that let you try IIS 7.0.

Getting Started

Common Administrative Tasks

Provides links to common tasks that help you configure your Web server.

IIS Administration Tools

Provides information about the administration tools that are available to configure the Web server.

Planning and Architecture

Introduction to IIS 7.0 Architecture

Provides technical reference about IIS 7.0 architecture, including information about services, modules, and Web server extensibility.

ASP.NET Integration with IIS 7.0

Describes how ASP.NET has been integrated with IIS features in IIS 7.0.

Introduction to ApplicationHost.config

Provides information about ApplicationHost.config, the new root configuration file in IIS 7.0.

Deep Dive into IIS 7.0 Configuration

Provides technical reference about the new configuration system in IIS 7.0.

Understanding Sites, Applications, and Virtual Directories in IIS 7.0

Provides technical reference about how sites, applications, and virtual directories have changed in IIS 7.0.

Deployment and Installation

Installing IIS 7.0

Provides procedures for installing IIS 7.0 on Windows Vista and Windows Server 2008.

IIS 7.0 on Server Core

Provides procedures for installing IIS 7.0 on Windows Server 2008 Server Core, and procedures for administering the Web server on Server Core.

Web Site Deployment Made Easy

Describes how the new configuration system in IIS 7.0 has simplified the deployment of Web sites.

Operations

IIS 7.0 Operations Guide

Provides a comprehensive set of tasks and procedures to help administrators administer and configure Web servers, sites, and applications.

Security and Protection

Security Changes Between IIS 6.0 and IIS 7.0

Describes the security improvements to authentication, authorization, Secure Sockets Layer (SSL), extension restrictions, and IP restrictions in IIS 7.0.

Understanding the Built-In User and Group Accounts in IIS 7.0

Describes the built-in user and group accounts that were added in IIS 7.0 to improve xcopy deployment.

Understanding IIS 7.0 URL Authorization

Describes how to configure URL authorization rules in IIS 7.0.

Forms Authentication in IIS 7.0

Describes how to use Forms authentication for ASP.NET content and other content types in IIS 7.0.

How to Set Up SSL on IIS 7.0

Describes changes to Secure Sockets Layer (SSL) in IIS 7.0 and provides procedures for configuring SSL.

Using Encryption to Protect Passwords

Describes how to use encryption to protect passwords used in IIS, such as passwords for application pool identities or the anonymous user account.

How to Use Request Filtering

Describes the IIS 7.0 Request Filtering feature, which replaces the URLScan security tool that was provided as an add-on tool in earlier versions of IIS.

Troubleshooting

Monitor Activity on a Web Server

Provides links to tasks that help you monitor activity on a Web server by using the Logging, Failed Request Tracing, and Worker Processes features in IIS 7.0.

Diagnostics and Troubleshooting with IIS 7.0

Provides an overview of the new features in IIS 7.0 that enable you to better diagnose problems that occur on your Web server.

How to Use HTTP Detailed Errors in IIS 7.0

Describes how to configure detailed HTTP errors that can help you better troubleshoot problems with your sites and applications.

Troubleshooting Failed Requests Using Tracing in IIS 7.0

Describes how to use the Failed Request Tracing feature in IIS 7.0 to capture traces of requests that help you troubleshoot problems on your Web server.

Overview of Runtime Status and Control Data and Objects

Provides an overview of Runtime Status and Control Data and Objects (RSCA), which gives administrators the ability to view the current state of control runtime objects, such as application pools.

How to Access IIS 7.0 RSCA Data

Describes how to use the RSCA Application Programming Interface (API) to gather information about runtime objects.

Community Resources

Frequently Asked Questions

Provides answers to frequently asked questions (FAQs) from customers.

IIS.NET Forums

Provides a place where customers can ask questions and receive answers from the IIS product team and other customers.