Application Pools or App Pools are introduced with IIS 6.0
to isolate websites into a group called Application Pools. Also we can say
application pools are a group of one or more URL's that are served by a worker
process, meaning applications running in a single app pools run in the same
worker process w3wp.exe, thus providing a boundary so that if one application
fails it does not hinder other applications running on other app pools. So as a
good practice a highly confidential, secured website can be assigned with a
separate app pool. Also we can use app pools to troubleshoot applications by
isolating them to a separate application pool if we suspect that it creates
problem. By using an application pool, we can have specific configuration
settings to a worker process that services a group of applications or single
application that is running under the App Pool. For example, you can configure
worker process recycling and several other configuration options to match the
needs of each application. We will see this in detail in coming sections.
With this introduction to Application pools we will move to
our subject matter, creating Application pools in IIS 6.0.
Creation
A new application pool can be created using IIS Manager.
Steps
1.
Open IIS Manager.
2.
Expand local computer node. Right click Application Pools node and click
New> Application Pool like Figure 6.
Figure 6 - Creating New Application Pool
It will open a dialog to create new app pool.
Figure 7 - Application Pool ID
Type a Pool ID for the app pool, the best practice to give
identity is choosing a name relevant to the applications hosted. For example, if
the app pool hosts a Shopping cart site, let the pool identity be
ShoppingCartPool so that it can be easily identified as opposed to AppPool #1,
2, etc. Under Application pool settings> select “Use default settings for
new application pool,” Selecting “Use existing application pool as template”
will prompt as to select an existing app pool as the template so that same
setting is applied for the newly created app pool.
3.
Click OK. A new application pool is created with default configurations.
Customizing Application pools
By default, Application pools are configured to use Network
Service Account to service the request. At times we will end in a situation
where we should use a separate account for servicing the request for different
reasons. There are other configuration settings which some times need to be
optimized, which are really done in exceptional situations. The coming sections
will answer these things and take us through accomplishing this.
Steps
1.
Right click the Application pool you have created (Test Pool) in this
example and click Properties. It will bring up a dialog like the one below.
Figure 8 - Application Pool Property recycling tab
Recycling tab is
opened with default settings. Periodic recycling of your application pools is
recommended to help to clean up memory fragmentation, memory leaks, abandoned
threads and other disorders. Keep in mind that when an application pool
recycles, session state information stored in-process is lost for that pool, but
other pools are not affected. ASP.NET, however, does allow you to store your
session state outside the worker process, so that session information is not
lost during a recycle. We can recycle the worker process based on the number of
requests and memory usages.
2.
Moving to Performance tab. Refer to Figure 9.
Figure 9 - Application Pool Property Performance
tab
When the application does not receive a request for certain
amount of time, it is said to be idle so this setting allow us to free up the
occupied resource from the server after the specified time given here. Consider
changing the Request queue limit if your application receives thousands request
per second to mitigate Server busy messages. Most of the time Enable CPU
monitoring is not used. Web garden setting should not be changed from 1, this
specifies the number of worker process required to process the request for an
app pool.
3.
Next, tab "Health" tab for configuring the health, i.e. the
availability of the application can be configured. Refer to Figure 10.
Figure 10 - Application Pool Property Health tab
Enable pinging
causes IIS to automatically query a worker process to see if it is responsive and
utilizing network bandwidth. Enable rapid-fail protection helps to disable the
app pool for specified number of failures occurred in the worker process.
Startup time limit and shutdown time limit are self explanatory and failing to
satisfy those condition falls under failure for rapid fail protection.
4.
The "Identity" tab is where we can configure the worker
process identity.
Figure 11 - Application Pool Property Identity tab
The predefined
setting’s default is to use network service account which is a less privileged
account for security purposes. The other account that can be preconfigured is
Local Service and LocalSystem account. Before making the App pool to use custom
account known as Service accounts, we will explore what and why it is used.
Service Accounts
It is the identity of the App pool under which it services
the request. It is the account that has very less privileges on the machine so
as to reduce the security risk and loop holes. There can be several reasons to
opt for custom service account over the Network service account. Some of the
reasons are:
·
We can have different access controls for different applications
on the local and network resources such as fileservers, etc.
·
It is also a mode of isolating one application from another by
giving a separate identity so other applications cannot access the resource of
another application.
·
We can prevent any accidental or deliberate changes to the access
controls or permissions associated with the general purpose Network Service
account from affecting your application.
See reference section for creating new service accounts.
One think to note here is if our site uses a database then
make sure that the custom service account has the required access to the
database.
Configuring Custom service account with Application
Pool
In the above Figure select Configurable> type the service
account id, password and enter. It will ask for password confirmation like the figure
below. Click OK.
Figure 12 - Configure service account
After doing this restart the App pool by stopping and
starting it again.
Associating Site with Application Pool
We need to associate our site with the App pool we created.
It can be done by right clicking the site's virtual directory (Test in our
case) and property. Select the TestPool from Application pool drop down in "Home
Directory" tab as in Figure 13. Click Apply and OK.
Figure 13 - Associating site with Application Pool
We are at the end of the process and we need to do a smoke
test for the application verification.