The more you know about the Microsoft Internet Information Server (MS IIS), the more you can do with it. You need to have a working knowledge of the internal architecture of Internet Information Server before you can effectively utilize some of its features.
The Windows NT operating system team developed some of the initial Microsoft Internet Information Server product. This means Internet Information Server is tightly integrated with the Windows NT Server operating system. It shares applications, interfaces, and tools with Windows NT services, such as the User Manager, Performance Monitor, and Event Viewer. The Microsoft Internet Information Server can use Microsoft SQL Server to log server statistics, and the Windows NT event log to keep track of security and access information.
The Microsoft Internet Information Server product is made up of several components, as shown in figure 5.1.
Figure 5.1 : All of these components are found in most Web servers except ISAPI and ISAPI Filter.
The Microsoft Internet Information Server uses standard Internet network and services protocols.
Client applications establish network connections to an Internet Information Server using standard Windows Sockets and TCP/IP Internet protocols.
Any client application can establish an Internet Information Server network connection as long as it uses standard Internet protocols. An application can run on any operating system, and on any hardware platform.
Web browsers are the most frequently used type of client application. They communicate with an Internet Information Server service by using standard FTP, Gopher, or HTTP Internet protocols.
The Internet Information Server FTP Service transfers files between Internet Information Server and another computer on the Internet.
The Internet Information Server Gopher Service is a tool for browsing through files and directories on the Internet.
The WWW Service processes a single transaction between the client application and Internet Information Server.
The Internet Service Manager configures and manages one or more Internet Information Servers.
Network client applications communicate with Internet Information Server services using the TCP/IP protocol suite. It is sometimes called the Internet Protocol Suite.
The TCP/IP protocol suite has four layers:
Configuration and management of Internet Information Server services are through the Internet Service Manager. Administrators use it to set user access, directory location, and mapping, as well as logging facilities, for each service.
Administrators can enhance the performance of Internet Information Server by using Internet Service Manager. They can also manage one or more systems that are on the local area network from a single Windows NT Server or Workstation.
Internet Service Manager uses Windows NT Distributed Computing Environment Remote Procedure Call (DCE RPC) protocol. It provides the necessary security to safely administer Internet Information Server and all services.
Microsoft Internet Service Manager automatically finds computers running Microsoft Internet services on the local area network. Microsoft Internet Information Server automatically registers available services with WINS servers, when it starts. Internet Service Manager queries the network for computers running Microsoft Internet services. It uses TCP/IP broadcasts if WINS servers are not available.
Automatic discovery fails if WINS servers are not available and Internet Information Servers reside across routers.
A goal of the Open Software Foundation's (OSF) Distributed Computing Environment (DCE) is to make a network appear like a single system. It is a set of libraries, tools, and runtime services that support distributed client/server applications on heterogeneous networked computers.
The Remote Procedure Call (RPC) mechanism is the plumbing that enables DCE to function. It enables programs on one platform to call functions that run on another platform. It abstracts the differences in platform locations and architectures, as well as network transport protocols.
Microsoft DCE and OSF DCE are compatible because they use the same Internet protocols, although their programming interfaces look different.
Three services are offered by Microsoft Internet Information Server. They are:
The File Transfer Protocol (FTP) Internet Information Server Service can transfer any file between the server and an FTP client, as shown in figure 5.2.
The Internet Information Server FTP Service handles concurrent access by multiple FTP clients. Each FTP client establishes a socket connection to the Internet Information Server FTP Service, and logs on to it.
FTP clients use a limited set of commands, and have restricted file access. The socket connection to the Internet Information Server FTP Service lasts until the FTP client disconnects.
FTP is one of the earliest Internet TCP/IP protocols. Web browsers and other graphical interface applications have replaced early FTP client applications.
Most FTP services do not provide descriptions of files. Browsing through directories is a slow process.
Administrators use the Internet Service Manager to configure the FTP Service.
The following Internet Information Server FTP Service components are set by administrators:
FTP Service user access controls who can use the FTP Service. It specifies which Windows NT Server logon account the Internet Information Server uses. Most Internet sites use an anonymous FTP login.
FTP Service IP access controls which computers can use the FTP Service. It uses the FTP client computer IP address to control access.
FTP Service connection parameters control connection time-out periods, maximum number of FTP Service connections, and anonymous logons to the FTP Service.
An FTP Service URL resource location is an alias for an absolute path name on a Windows NT Server.
An example of an FTP URL is
ftp://www.infomax.com/ftp/welcome.txt
FTP Service information is logged to a database, file, or not at all. A new log file is generated at specified intervals.
See Chapter 14, "Maintaining an Information Repository with FTP," for a detailed discussion about configuring the Internet Information Server FTP service.
The assigned protocol port number for Internet Information Server FTP Service is 21.
The Internet Gopher is a tool for browsing through files and directories over the Internet, as shown in figure 5.3.
A Gopher client establishes a socket connection to the Internet Information Server Gopher Service. It does not usually require a Gopher client to log in.
A Gopher client displays a hierarchy of items and directories much like a file system, in a menu of text-labeled choices. It may be a list of files, subdirectories, or a combination of both. A Gopher client copies a selected file over the network and displays it.
The Gopher menu can point to files and directories on other Gopher servers on the Internet. It was the first Internet service to offer such a feature.
The Internet Gopher has limited graphical presentation abilities. It cannot present graphics and text together.
The Internet Gopher and HTTP are similar network protocols. They became available at about the same time. Most new Internet sites do not offer Gopher services. Many older Internet sites have stopped offering it. They have converted Gopher documents to HTML documents because HTML can present graphics and text together. HTML documents rely on the HTTP protocol.
Administrators use Internet Service Manager to configure the following Internet Information Server Gopher Service components:
Gopher Service user access specifies which Windows NT Server logon account the Internet Information Server uses. Most Internet sites use anonymous Gopher logons.
Gopher Service IP access controls which computers can use the Gopher Service. It uses the client computer's IP address to control access.
Gopher Service connection parameters control connection time-out periods, maximum number of Gopher Service connections, and anonymous logons to the Gopher Service.
A Gopher Service URL resource location is an alias for an absolute path name on a Windows NT Server.
An example of a Gopher URL is
gopher://www.infomax.com/gopher/
Gopher Service information is logged to a database, file, or not at all. A new log file is generated at specified intervals.
The assigned protocol port number for Internet Information Server Gopher service is 70.
A Web browser processing HTML documents uses the Internet HTTP protocol to transact with Internet Information Server World Wide Web (WWW) Service, as shown in figure 5.4.
Microsoft Internet Information Server WWW Service knows how to respond to an HTML request by analyzing URL fields. It can determine if the request is for a static HTML page, an ISAPI application, a CGI application, or an Internet Database Connector.
The Hypertext Transfer Protocol is a stateless protocol designed to process a single transaction during a connection to a server. It is layered on the TCP and IP protocols.
There are four steps during a single HTTP transaction:
A Web browser makes a connection to an Internet Information Server WWW Service for each file that is a part of the HTML document. It makes a connection for the HTML text file first. The Internet Information Server disconnects after sending it.
The Web browser parses the text file looking for graphical image file names. It then makes a connection to the Internet Information Server and requests a single graphical image file. The Internet Information Server disconnects after sending it. This process repeats for each graphical file.
HTTP is the most used Internet protocol. It accounts for about 25 percent of Internet packets. FTP Internet protocol is second. It accounts for about 15 percent of Internet packets.
Administrators use Internet Service Manager to configure the following Internet Information Server WWW Service components:
WWW Service user access controls who can use the WWW Service. It specifies which Windows NT Server logon account the Internet Information Server uses. Most Internet sites use anonymous WWW logons.
WWW Service IP access controls which computers can use the WWW Service. It uses the client computer's IP address to control access.
WWW Service connection parameters control connection time-out period, maximum number of WWW Service connections, and anonymous logons to the WWW Service.
A WWW Service URL resource location is an alias for an absolute path name on a Windows NT Server.
An example of an HTTP URL is
http://www.infomax.com/welcome.htm
WWW Service information is logged to a database, file, or not at all. A new log file is generated at specified intervals.
Microsoft Internet Information Server WWW Service is upwards compatible with the Internet HTTP protocol.
The assigned protocol port number for the Internet Information Server HTTP service is 80.
Network clients run applications on the Microsoft Internet Information Server by clicking a URL.
WWW Service analyzes URL fields to determine if the resource requested is a static HTML page, ISAPI application, CGI application, or Internet Database Connector (IDC) application. ISAPI, CGI, and IDC applications dynamically generate HTML output.
An ISAPI application runs within the Internet Information Server process. A CGI application runs as an external application. An IDC application is mapped to the ISAPI Httpodbc.dll.
Internet Information Server applications are written in almost any 32-bit programming language, such as C, C++, or Perl, or as Windows NT .bat or .cmd batch files.
ISAPI is an Internet Server API for writing applications. ISAPI applications are compiled as DLLs and are loaded by the WWW Service at startup. They run within the address space of Microsoft Internet Information Server, as shown in figure 5.5.
All WWW Service resources are available to ISAPI DLLs. There is minimal execution overhead for ISAPI applications because there is no additional operating system overhead for each request.
The WWW Service keeps track of the ISAPI DLLs in memory. It unloads ISAPI DLLs that have not been accessed in the time set by the Internet Information Server administrator, and frees up system resources.
The following is a list of some Internet Information Server WWW Service ISAPI applications. It is not a complete list. Microsoft and other vendors are delivering new ISAPI components as Web technologies mature.
The Internet Information Server ISAPI interface is about five times faster than CGI. One reason for the dramatic performance difference is the Internet Information Server must create a new process each time it launches a CGI application.
ISAPI Filters extend and enhance the capabilities of Microsoft Internet Information Server. ISAPI Filters are between the network connection to the client application and the WWW Service, as shown in figure 5.6.
Figure 5.6 : Internet Information ISAPI filters process data entering and leaving the WWW Service.
An ISAPI Filter registers a callback with Internet Information Server for selected events. Registration happens when Internet Information Server is first loaded. Internet Information Server calls the ISAPI Filter when the event happens. ISAPI Filters process Web client data entering and leaving the WWW Service.
Multiple ISAPI Filters may register with Internet Information Server for the same event. The event calling order is on the priority basis specified by each filter.
ISAPI filters enable preprocessing of WWW Service requests and post processing of HTTP responses.
NOTE: ISAPI filters only work with the Internet Information Server WWW Service. They do not work with Internet Information Server Gopher, or FTP services.
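The registration and priority ordering described above, as a portable C model added here; it is not the ISAPI API and not code from this book. The event bits, result codes, filter names and priorities are hypothetical, and the model assumes a filter can finish a request so that later filters are not called.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this model; the real ISAPI header defines its own. */
enum { EV_REQUEST = 1, EV_RESPONSE = 2 };          /* event bits */
enum { NEXT_FILTER = 0, REQUEST_FINISHED = 1 };    /* filter results */

typedef int (*filter_fn)(char *data, size_t cap);
struct filter { const char *name; int events; int priority; filter_fn fn; };

#define MAX_FILTERS 8
static struct filter table[MAX_FILTERS];
static int nfilters;
static char trace[128];                            /* call order, for inspection */

/* Registration: keep the table sorted, highest priority first;
   equal priorities keep their registration order. */
int register_filter(const char *name, int events, int priority, filter_fn fn) {
    int i;
    if (nfilters == MAX_FILTERS) return -1;
    for (i = nfilters; i > 0 && table[i - 1].priority < priority; i--)
        table[i] = table[i - 1];
    table[i] = (struct filter){ name, events, priority, fn };
    nfilters++;
    return 0;
}

/* Call each filter registered for the event, in priority order.
   A filter that finishes the request hides it from every later filter. */
int dispatch(int event, char *data, size_t cap) {
    trace[0] = '\0';
    for (int i = 0; i < nfilters; i++) {
        if (!(table[i].events & event)) continue;
        strncat(trace, table[i].name, sizeof trace - strlen(trace) - 1);
        strncat(trace, ";", sizeof trace - strlen(trace) - 1);
        if (table[i].fn(data, cap) == REQUEST_FINISHED) return REQUEST_FINISHED;
    }
    return NEXT_FILTER;
}

/* Constructed filters: a URL guard, an audit hook, a response stamper. */
static int guard(char *d, size_t cap) { (void)cap; return strstr(d, "..") ? REQUEST_FINISHED : NEXT_FILTER; }
static int audit(char *d, size_t cap) { (void)cap; fprintf(stderr, "audit: %s\n", d); return NEXT_FILTER; }
static int stamp(char *d, size_t cap) {
    strncat(d, "X-Filtered: 1\r\n", cap - strlen(d) - 1);
    return NEXT_FILTER;
}

void setup_demo(void) {
    nfilters = 0;
    register_filter("audit", EV_REQUEST, 1, audit);   /* registered first, low priority */
    register_filter("guard", EV_REQUEST, 9, guard);   /* registered later, high priority */
    register_filter("stamp", EV_RESPONSE, 5, stamp);
}

int main(void) {
    char ok[64] = "/welcome.htm", bad[64] = "/scripts/../x.htm";   /* constructed URLs */
    setup_demo();
    dispatch(EV_REQUEST, ok, sizeof ok);   printf("%s -> %s\n", ok, trace);
    dispatch(EV_REQUEST, bad, sizeof bad); printf("%s -> %s\n", bad, trace);
    return 0;
}
```

In this model the audit filter never sees the request that the guard finishes, so a filter meant to record every request needs a priority above any filter that can end one.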
Some possible uses for ISAPI Filters are
The Common Gateway Interface (CGI) is a standard way of interfacing external applications with Microsoft Internet Information Server, as shown in figure 5.7. It is one of the simplest ways of extending Internet Information Server.
A CGI external application executes in real time and can dynamically produce output information. It can process HTTP requests from Web clients and return an HTML document. CGI external applications usually access information not in HTML form. CGI external applications act as a gateway between the Web client and the information. They generate an HTML document on the fly.
Microsoft Internet Information Server creates a new process when it receives a CGI execution request from a Web browser. It passes the data received from the browser to the new process by environment variables and stdin. The Internet Information Server expects the CGI external application to write the generated HTML document to stdout.
Creating a new process for each new CGI external application is time-consuming and requires memory and other Windows NT Server operating system resources.
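A CGI external application that follows the exchange described above, as an added example that is not code from this book: it takes its inputs from environment variables and stdin and writes the HTML document to stdout. REQUEST_METHOD and CONTENT_LENGTH are the standard CGI variable names; the 4096-byte body cap and the echo behaviour are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY 4096   /* assumed cap for this example, not an IIS setting */

/* Validate CONTENT_LENGTH: digits only and within the cap. Returns -1 if unusable. */
long parse_content_length(const char *s) {
    if (s == NULL || *s == '\0') return -1;
    for (const char *p = s; *p; p++)
        if (*p < '0' || *p > '9') return -1;
    long n = strtol(s, NULL, 10);          /* overflow yields LONG_MAX, rejected below */
    return n > MAX_BODY ? -1 : n;
}

/* HTML-escape src into dst; returns -1 if the result does not fit. */
int html_escape(const char *src, char *dst, size_t dstsz) {
    size_t o = 0;
    if (dstsz == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        if (*src == '<') rep = "&lt;";
        else if (*src == '>') rep = "&gt;";
        else if (*src == '&') rep = "&amp;";
        else if (*src == '"') rep = "&quot;";
        size_t n = strlen(rep);
        if (o + n + 1 > dstsz) return -1;
        memcpy(dst + o, rep, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* One CGI transaction: inputs from environment values and `in`, HTML to `out`. */
int handle_request(const char *method, const char *clen, FILE *in, FILE *out) {
    static char body[MAX_BODY + 1], safe[6 * MAX_BODY + 1];
    long n = 0;
    if (method == NULL) return -1;
    if (strcmp(method, "POST") == 0) {
        if ((n = parse_content_length(clen)) < 0) return -1;
        if (fread(body, 1, (size_t)n, in) != (size_t)n) return -1;   /* short body */
    } else if (strcmp(method, "GET") != 0) {
        return -1;
    }
    body[n] = '\0';
    if (html_escape(body, safe, sizeof safe) < 0) return -1;
    fprintf(out, "Content-Type: text/html\r\n\r\n");
    fprintf(out, "<html><body><pre>%s</pre></body></html>\n", safe);
    return 0;
}

int main(void) {
    if (handle_request(getenv("REQUEST_METHOD"), getenv("CONTENT_LENGTH"), stdin, stdout) < 0) {
        printf("Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nrejected\n");
        return 1;
    }
    return 0;
}
```

Both inputs come from the client, so the length is checked before anything is read and the body is escaped before it is written back into the generated document.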
Microsoft Internet Information Server builds upon existing Windows NT Server Security.
Windows NT security complies with National Security Agency class C2 trusted computer system evaluation criteria. The four essential requirements of C2-level security are:
The Department of Defense, Trusted Computer System Evaluation Guide, publication DoD 5200.28-STD, commonly called the "Orange Book," is available at http://www.disa.mil/MLS/info/orange/.
Microsoft Internet Information Server builds on Windows NT Server security with the following features:
Performance attributes of Microsoft Internet Information Server are integrated into the Windows NT Performance Monitor.
Some of the overall Internet Information Server performance attributes are
Some of the FTP Service performance attributes are
Some of the Gopher Service performance attributes are
Some of the WWW Service performance attributes are
The Windows NT Performance Monitor logs and replays Internet Information Server performance data. It can produce reports and enable alerts.
World Wide Web usage is growing at a phenomenal rate. Web browsers offer more services. Web technology is being applied to client/server concepts, principles, and realities, and delivering new Web applications.
Clusters of fast computers using multiple processors will power these applications running on Microsoft Internet Information Servers.
Web browsers are the most frequently used type of client application that communicates with Internet Information Server. They process HTML, Gopher, and FTP transactions. Any client application that adheres to HTTP, Gopher, or FTP protocols can communicate with Internet Information Server services.
Microsoft provides the following APIs to help applications communicate with Internet Information Server:
Symmetric Multiprocessor computers have two or more processors. All processors share global memory in a "shared memory model." They also share the I/O subsystem.
SMP computers run a single copy of the operating system. Windows NT operating system and Internet Information Server are designed to run on SMP computers.
There is no master and slave relationship between SMP processors. They are all created equal. All processors scan the operating system process table looking for the highest priority process that is ready to run. They run the process when they find it. The processor returns to scanning the operating system process table when a process blocks, or finishes.
Low cost SMP computers will soon be commodity items. Some will have a fixed number of processors. Others will accommodate upgrading the number and type of processors. Microsoft Windows NT operating system and Internet Information Server will automatically make use of added processors.
A cluster is a collection of interconnected whole computers that are used as a single, unified computing resource. Clustering minimizes downtime. It keeps systems running when a single system fails.
A cluster may be a set of personal computers connected together with a general purpose local area network. A cluster may also be a set of SMP computers connected together with specialized high speed networks.
Microsoft is working with industry partners to bring clustering technology to the Internet.
Load balancing is automatic in SMP computers. The mechanism is inherent in SMP computer architecture. Clusters have no such mechanisms.
Load balancing among a cluster of Internet Information Servers is possible using the Internet Domain Name System (DNS). This is possible because a network client application requests one transaction for each network connection.
The simplest way is to have the DNS database contain the same host name, but different IP addresses, for all the computers in a cluster. Internet DNS returns the next IP address each time it resolves the common host name.
A "smart" DNS polls each computer in a cluster for performance attributes, and returns the IP address of the least loaded computer.
Internet Information Server performance attributes will most likely be the basis for more sophisticated schemes.
The more you know about the Microsoft Internet Information Server, the more you can do with it. You need to have a working knowledge of the internal architecture of Internet Information Server before you can effectively utilize some of its features.