WSV 332 Whats New with IIS 8 Performance

  • Slides: 25
Download presentation

WSV 332: What's New with IIS 8 Performance, Scalability, and Security Wade A. Hilmo

WSV 332: What's New with IIS 8 Performance, Scalability, and Security Wade A. Hilmo Principal Development Lead Microsoft Corporation Shaun Eagan Senior Program Manager Microsoft Corporation

Session Objectives Learn how IIS 8 make it easier to secure your website and

Session Objectives Learn how IIS 8 make it easier to secure your website and host secure sites Understand how IIS 8’s sand-boxing features isolate your websites and improve application responses Discover how IIS 8’s Application Initialization features improve application startup experience Key Takeaways IIS 8 makes it easier to prevent unwanted activity through Dynamic IP Restrictions IIS 8 reduces the attack surface for FTP brute-force/dictionary attacks CPU Throttling can be used to sandbox websites and prevent performance issues Application Initialization enhances your end-users’ website startup perceptions

IIS 7: Static IP Requires manually discovering and blocking known IP addresses Only returns

IIS 7: Static IP Requires manually discovering and blocking known IP addresses Only returns HTTP 403 status * Note: A down-level version of Dynamic IP IIS 8: Dynamic IP * Deny access based on concurrency or frequency of HTTP requests Configurable response behavior HTTP 401/403/404 status Abort the request Proxy-aware IP filtering has been released for IIS 7. 5.

Demo Dynamic IP Restrictions

Demo Dynamic IP Restrictions

IIS 7: FTP Static IP Filtering Requires manually discovering and blocking known IP addresses

IIS 7: FTP Static IP Filtering Requires manually discovering and blocking known IP addresses Subject to brute-force attacks and password lockouts IIS 8: FTP Logon Attempt Restrictions Dynamically blocks IP addresses that flood the server with failures Prevents script-kiddie and brute-force attacks

Demo FTP Logon Attempt Restrictions

Demo FTP Logon Attempt Restrictions

You manage a server, and you host multiple tenants Badly-written applications from some tenants

You manage a server, and you host multiple tenants Badly-written applications from some tenants might consume too many resources Well-written applications from other tenants might be starved for resources

IIS 7: CPU Throttling Monitors for CPU use that exceeded specific threshold Allows terminating

IIS 7: CPU Throttling Monitors for CPU use that exceeded specific threshold Allows terminating an IIS worker process IIS 8: CPU Throttling Limits CPU usage per tenant: Throttling CPU usage Throttling under load Terminating an IIS worker process

Demo CPU Throttling Sand-boxing CPU Usage

Demo CPU Throttling Sand-boxing CPU Usage

Application Initialization is built-in for Windows Server 2012 Application Initialization was released as an

Application Initialization is built-in for Windows Server 2012 Application Initialization was released as an out-of-band (OOB) project for IIS 7. 5 Application Start Mode Application Preload Application Initialization

Allows the application decide how it will respond to requests received during the warm-up

Allows the application decide how it will respond to requests received during the warm-up period Each application can define its own behavior IIS marks requests received during warm-up, and allows the application to change the startup experience

Allows an application to be initialized when the worker process starts Server administrator decides

Allows an application to be initialized when the worker process starts Server administrator decides which applications should be preloaded New process and recycled process behave differently

Feature existed in IIS 7, but is more useful in IIS 8 Allows pre-starting

Feature existed in IIS 7, but is more useful in IIS 8 Allows pre-starting application pools instead of waiting for a first request

Demo Application Initialization

Demo Application Initialization

In this presentation you… Learned how IIS 8 makes it easier to secure your

In this presentation you… Learned how IIS 8 makes it easier to secure your website and host secure sites Understood how to throttle the resources for high CPU usage applications Discovered how IIS 8’s Application Initialization increases website startup experience Key Takeaways IIS 8 makes it easier to prevent unwanted activity through Dynamic IP Restrictions IIS 8 reduces the attack surface for FTP brute-force/dictionary attacks CPU Throttling can be used to sandbox websites and prevent performance issues Application Initialization enhances your users’ website perceptions

WSV 331 - What's New with IIS 8: Open Web Platform for Cloud WSV

WSV 331 - What's New with IIS 8: Open Web Platform for Cloud WSV 332 - What's New with IIS 8: Performance, Scalability, and Security DEV 349 - Internet Information Services (IIS) Express for Web Developers

In-depth technical articles and samples Connect with other IIS experts through blogs http: //learn.

In-depth technical articles and samples Connect with other IIS experts through blogs http: //learn. iis. net http: //blogs. iis. net Free advice and assistance in forums Download center with IIS solutions http: //forums. iis. net http: //www. iis. net/download

Evaluations Submit your evals online http: //europe. msteched. com/sessions

Evaluations Submit your evals online http: //europe. msteched. com/sessions

Q&A Questions? Wade A. Hilmo wadeh@microsoft. com Microsoft Corporation Shaun Eagan shaune@microsoft. com Microsoft

Q&A Questions? Wade A. Hilmo wadeh@microsoft. com Microsoft Corporation Shaun Eagan shaune@microsoft. com Microsoft Corporation

Learning Connect. Share. Discuss. Microsoft Certification & Training Resources http: //europe. msteched. com www.

Learning Connect. Share. Discuss. Microsoft Certification & Training Resources http: //europe. msteched. com www. microsoft. com/learning Tech. Net Resources for IT Professionals Resources for Developers http: //microsoft. com/technet http: //microsoft. com/msdn