This article can be considered as the extension of my previous article Understanding Internet Information Services - Part 1. In my previous article we dealt with various components of IIS (Internet Information Services), Authentication methodologies, etc. In this article we will go through the different modes in which IIS operates. We will also cover the concept of Application pools and describe it in detail.

Application isolation is the process of separating the applications from the process boundaries and also preventing one application to affect another and the reducing time that we spend on correcting the issues related to applications. IIS 6.0 operates mainly in two different application isolation modes.

·         Worker Process Isolation mode – This mode is quite new and uses the worker process core component for functioning. This mode is the default mode for the IIS 6.0 and also it is more recommended. We will see further why this mode is more robust and secure than the other mode.

·         IIS 5.0 Isolation Mode – This mode is similar to the Process model of the previous IIS version.

Let us discuss each mode in detail and also illustrate the factors on which we can choose the mode. The factors upon which we derive on a specific mode are listed below.

1.    Performance of the Application after going for a Mode

2.    Reliability of the Application (We need this especially when we go for Multi-Instancing)

3.    Security (We will discuss in next section)

4.    Some of the New cool Features

5.    Compatibility with our application (Last but not the least)

When we consider all the above factors except the last one, worker process Isolation mode is considered to be the better alternative. The only issue with it may be the compatibility issues with the legacy applications. Worker process Isolation mode is also more reliable in the security aspect. Apart from the above features, worker process isolation mode also has the support process recycling, multi instancing and the support for the application pools. Process recycling is the concept by which IIS 6.0 automates refreshing of ASP.Net web applications. By using this approach all the problematic applications are refreshed automatically and the application code modifications can be avoided. Overlapping recycling is a special case of process recycling. In this case the process which is supposed to be recycled continues to serve all the requests while another process is created in parallel. As there is an overlap between the same processes it is known as the overlapped recycling.

In this scenario we also get to see the concept of Multi instancing. Multi-instancing is the concept by which we can have 2 or more instances of the same application. In the overlapped recycling we may have the same application instances running in different processes. We have a configurable timeout field based on which we can specify the time for the process to be terminated.

Let us discuss some of the services of IIS 6.0 in detail.

 

1.    World Wide Web Publishing Service (WWW Service) – This is the core service of IIS. This hosts internet and intranet, connects to all the clients though HTTP requests. It uses and configures the HTTP protocol Stack and worker process for the same. We will look into HTTP protocol stack (also called HTTP.sys) and worker process in detail in the next section. It also monitors the health of the worker process. We will also see how we can configure it.

2.    IIS Admin service – This is used to managed the metabase of IIS. The IIS metabase is the configuration file for the IIS. As expected it is a plain text or in XML format. It is like a .net configuration files which can be opened by any plain text editor.

3.    FTP service – The IIS FTP service is an implementation of the File Transfer Protocol RFC 959, and File Transfer Protocol (FTP). The FTP service provides the feature called as FTP user isolation. Using this new concept, when a user uploads or downloads a file he would be given access only to his own directory. This prevents users from viewing or overwriting other user’s contents.

4.    NNTP service – Network News Transfer Protocol (NNTP) service provides the distributed network news messages on the NNTP servers and to NNTP clients (news readers) on the Internet.

5.    The SMTP service – The SMTP service in IIS processes messages by using the Simple Mail Transfer Protocol (SMTP). This uses the TCP/IP protocol receiving and sending the messages from one computer to another on a network.

Before we understand Application Pools we need to understand the HTTP Protocol Stack (HTTP.sys). HTTP protocol stack is between the operating system kernel and the HTTP requests. It receives the HTTP requests and routes them to the appropriate HTTP request queue. Apart from doing this it also caches the responses and does the Quality of Service functionalities (QoS) like maintaining bandwidth, connection timeouts and connection limits.

When IIS 6.0 runs in worker process isolation mode, we have the option of grouping different Web applications into groups. This concept of grouping applications is known as Application pools. An application pool is a group of one or more Web Sites that are served by a worker process or set of worker processes. We use Application pools to make our applications more robust. By using this approach if a worker process fails it does not affect other worker processes in other application pools. Also, while grouping the application we can apply the configuration settings to the group as a whole.

Before this approach Inetinfo.exe was the central process based on which loading the execution of the application was done. Now, with Worker process isolation mode it enables us o completely separate an application in its own process without the dependency of InetInfo.exe.

More about Application Pools

1.    Multiple Application Pools – We can have multiple application pools configured. All these application pools can run in parallel. We can assign an application to multiple application pools. Thus, if once application pool is busy processing a request the other application pool can take the incoming request.

2.    Application Pool Health Monitoring – As discussed above, it is the job of WWW service to monitor the health of the worker process. The WWW service pings the worker process and waits for the response. If the worker process fails to respond to the pings then WWW service terminates the worker process and creates a new worker process. The time interval for the pinging can is configurable. Figure 1 below shows the same.

Figure 1

If an application fails repeatedly for a specified number of times while responding to the requests, we can configure to safe guard the application. This feature is known as Rapid fail protection. If this feature is set to on and an application misbehaves, then worker process will be forcefully shut down and restarted. Figure 1 shows the same settings. Health monitoring also applies for the application pools. Rapid fail protection also stops the application pools in case of an emergency. These are the different ways by which we can have the Application pools stopped by the health monitoring.

·         When the Rapid fail protection action occurs

·         If the application Pool reaches the maximum CPU usage limit. The maximum CPU percentage can be configured. Figure 2 shows the same.

·         When a configuration error occurs

·         When the windows administrator performs the graceful shutdown of the application pools

Figure 2

3.    Orphaning Worker Process – Orphaning worker process is a special mode of worker process. When this mode is on and if a worker process has some errors, WWW service does not restart or shut down the worker process, rather it removes the worker process from the Application pool. By using this mode the other worker processes in the Application pool can be safe guarded in case of any problem with one worker process.

4.    Web Gardens – It is to be noted that by default an application pool has only one worker process. Web gardens are application pools that are configured to run multiple worker processes. By using Web Garden mode it can handle more loads and reduce the response time. If one worker process is busy, the other worker process can attend to the new incoming requests.

5.    Processor Affinity – In a multi processor environment we can use this setting to see that the application pool runs on the specific Processor or CPU.

6.    Application Pool Identity – Figure 3 shows the Application pool identity settings. For any process to run under Windows NT system it needs to have a process identity to access the resources. Process identity is mandatory for a process under operating system control. Application pool identity is the user account that the worker processes running in the application pool use as their process identity. It is always recommended that the Application Pool identity is given the minimum permissions. This is for the security perspective.

Figure 3

 

 

 

7.    Idle Timeout- Using this setting for an Application pools, the worker process can request for a shutdown. This enables freeing up the unused resources. Figure 4 shows the same.

Figure 4

 

 

 

Overview of IIS 6.0 Architecture

IIS 6.0 provides a lot of new features that include the concept of Application Pools, security enhancements, and better robustness. Apart from the new features, it also supports the Process model of IIS version 5.1. This mode is called as IIS 5.0 Isolation mode. We also discussed the services that IIS 6.0 supports.