Deploying and Managing a Customized Web Server on Server Core

Fabio Yeon, Software Developer Engineer
Robert McMurray, Program Manager

Agenda
- Introduction to Server Core
- IIS 7.0 on Server Core
- Installation and Setup
- Remote management options
- Modules overview
- Best practices
- Q&A

Server Core: Introduction
- Server Core SKU takes Win2008 a step further
  - GUI programs and tools are not installed or patched
  - Reduces resource footprint for OS
  - Minimizes attack surface
  - Note: Managed code support is not available
- Great for dedicated or appliance type of scenarios
  - Vertical applications
  - Specialized, easily deployed turnkey solutions

Server Core: Running IIS 7.0
IIS 7.0 on Server Core
- Most IIS 7.0 features available
- Componentized and flexible setup
  - Install only what you really need
- No .NET Extensibility or ASP.NET
- Ultimate low footprint web server
  - Lower memory requirement
  - Lean OS configuration
  - Minimize attack surface

Server Core: Web Server Scenarios
- Static file web hosting (images, Office documents, etc.)
- FastCGI with PHP, Perl, etc.
- Classic ASP applications
- CGI/ISAPI applications
- Web-based appliance management

Server Core: Managing IIS 7.0
Managing Server Core
- Full fidelity with non-GUI based IIS 7.0 configuration management
  - Command line
  - Scripting
  - Remote PowerShell
  - Editing ApplicationHost.config and Web.config files
- No GUI shell or managed-code management
- Installing IIS 7.0 features:
  - OCList: Provides full list of features and dependencies
  - OCSetup <component>: Installs component (plus dependencies)

Demo: Building a static web server
Fabio Yeon, Software Developer, IIS 7.0

Creating Specialized Web Servers: Componentization for Deployments
- IIS 7.0’s componentized architecture allows for complete customization of the Web server
- Lightweight, static image server to full-featured Web server
- Rich administration and remoting story to allow for appliance-like simplicity in management
- Replace modules with customized implementations (example: authorization provider)

Creating Specialized Web Servers: Componentization for Security
- Provides maximum attack surface reduction
- Binaries are only installed when features are added
- Patches for IIS features that are not installed are only installed to the installation repository

IIS 7.0 Modules & Features
Server Components / Core Components
- Security: BasicAuthModule, DigestAuthModule, WindowsAuthModule, CertificateAuthModule, AnonymousAuthModule, IPSecurityModule, UrlAuthorizationModule, RequestFilteringModule
- Application Development: NetFxExtensibility, ISAPIModule, ISAPIFilterModule, CGIModule, FastCGIModule, ServerSideIncludeModule, ASP, ASP.NET
- Health and Diagnostics: HttpLoggingModule, CustomLoggingModule, RequestMonitorModule, HTTPTracingModule, ODBCLogging, LoggingLibraries
- FTP Publishing: FTPServer, FTPManagement
- Performance: HTTPStaticCompression, HTTPDynamicCompression
- Management: ManagementConsole, ManagementScripting, ManagementService, Metabase, WMICompatibility, LegacyScripts, LegacySnap-in
- Common HTTP Web Server Components: StaticFileModule, DefaultDocumentModule, HttpRedirect, DirectoryListingModule, CustomErrorModule
- Windows Process Activation Service: ProcessModel, NetFxEnvironment, ConfigurationAPI

Demo: Building an application server
Fabio Yeon, Software Developer, IIS 7.0

Server Core: Remote Management
- Setting up management:
  - SCRegEdit.wsf
  - Netsh / Netdom
- Managing Server Core remotely:
  - Remote Desktop
  - MMC
  - WinRM and WinRS
    - Most useful for running arbitrary commands remotely
    - Lose strong-typing and error-handling abilities of other options
- Installing IIS remotely
  - OCList and OCSetup can run remotely through WinRM/WinRS

Server Core: IIS 7.0 Remote Scripting
- Microsoft.Web.Administration (MWA)
  - Managed code can be run at the master management machine; underlying COM objects are connected via DCOM
- WMI
  - All objects can be remotely accessed
- Microsoft.ApplicationHost.AdminManager (ahadmin)
  - JScript/VBScript using DCOM
- PowerShell (using WMI/MWA)
  - Not yet directly remotable, but can use WMI and MWA from it
- WinRM / WinRS
  - Use with OCList, OCSetup, AppCmd, etc.

Demo: Managing IIS 7.0 remotely
Fabio Yeon, Software Developer, IIS 7.0

IIS 7.0 Modules for Server Core: Deployment Considerations
- Application Development
  - Classic ASP
  - CGI/FastCGI (e.g. PHP)
  - Native-code modules
- Performance
  - Static and Dynamic Compression
  - Output Caching
- Security
  - Authentication and Url Authorization
  - Request Filtering
- Diagnostics
  - Failed Request Tracing
  - Request Monitoring

Best Practices
Configuring Remote Management
- Firewall rules need to be set up for Remote Desktop, WinRM/WinRS, MMC (Remote Administration), etc.
IIS-Specific Considerations
- Minimize attack surface (hackers can’t exploit what’s not there)
  - Use OCSetup to remove modules to ensure the binaries are taken off the box
- Use security-sensitive modules: Request filtering, Url authorization
- Utilize features like Failed Request Tracing to diagnose issues
- Check that you have all the required modules for your application (Always test your application after removing modules)

Session Summary
During this presentation we discussed the following IIS 7.0 topics on Windows Server 2008 Core:
- Installation and Setup of IIS 7.0
- Remote Management Options for IIS 7.0
- IIS 7.0 Modular Design and Minimal Deployment
- Best Practices for IIS 7.0 on Server Core

IIS.NET: Home for the IIS Community!
- In-depth technical articles and samples
- Connect with other IIS experts on blogs & forums
- Free advice and assistance in forums
- Download center with IIS solutions

Related Content
The following walkthroughs for IIS 7.0 are available on the www.iis.net web site:
- Installing IIS 7.0 from a command-line
- Build a Custom IIS7 Server
- IIS7 on Server Core
- Getting Started with AppCmd.exe
- Administering IIS7 on Server Core Installations of Windows Server 2008

IIS 7.0 at ITForum: Session Schedule
Tuesday Location IIS 7.0 for IT Pros (WSI204) 09:00 - 10:15 Tent 1 13:30 - 14:45 Room 115 Managing Web Farms on IIS (WSI302) 15:15 - 16:30 Wednesday 10:45 - 12:00 Room 134 Securing Internet Information Services 7 (WSI03-IS) Room 121 Remotely Managing for IIS 7.0 (WSI309) 13:30 - 14:45 Room 115 Publishing Content to IIS 7.0 (WSI308) 09:00 - 10:15 Room 131 Troubleshooting Web Sites on IIS 7.0 (WSI02-IS) 10:45 - 12:00 Room 125 Running PHP on Windows Server 2008 (WSI307) 15:45 - 17:00 Room 115 Customized Web Server on Server Core (WSI311) Friday 09:00 - 10:15 Room 115 Managing IIS 7.0 Through Scripting (WSI310) 10:45 - 12:00 Room 134 Securing Internet Information Services 7 (WSI03-IS) 12:15 - 13:00 Room 116 Deliver Rich Media on Windows Server 2008 (WSI01-PD) 13:30 - 14:45 Room
133 Q&A with the IIS Product Team (WSI04-IS) Thursday

Q&A
Fabio Yeon, Software Developer Engineer
Robert McMurray, Program Manager

© 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
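
The best-practice advice above (remove modules that are not needed, keep request filtering in place, check that required modules are present) can be verified against a copy of ApplicationHost.config taken from the server. The Python script below is an added example, not part of the original presentation; the sample configuration is constructed, and the allow-list policy and the CustomAuthzModule entry with its path are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt shaped like the <globalModules> section of
# applicationHost.config; CustomAuthzModule and its path are hypothetical.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
      <add name="AnonymousAuthenticationModule" image="%windir%\System32\inetsrv\authanon.dll" />
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
      <add name="CgiModule" image="%windir%\System32\inetsrv\cgi.dll" />
      <add name="DirectoryListingModule" image="%windir%\System32\inetsrv\dirlist.dll" />
      <add name="CustomAuthzModule" image="D:\modules\authz.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Assumed policy for a static-file server: what may load and what must load.
ALLOWED = {"StaticFileModule", "DefaultDocumentModule", "CustomErrorModule",
           "AnonymousAuthenticationModule", "HttpLoggingModule",
           "RequestFilteringModule"}
REQUIRED = {"StaticFileModule", "RequestFilteringModule"}
INETSRV = "%windir%\\system32\\inetsrv\\"  # default IIS binary directory


def audit_modules(config_xml, allowed=ALLOWED, required=REQUIRED):
    """Compare registered native modules against the allow-list policy."""
    root = ET.fromstring(config_xml)
    section = next(root.iter("globalModules"), None)
    if section is None:
        raise ValueError("no <globalModules> section in configuration")
    images = {a.get("name"): a.get("image", "") for a in section.findall("add")}
    return {
        # Registered but not needed: candidates for removal with OCSetup.
        "unexpected": sorted(set(images) - allowed),
        # Security-sensitive or essential modules that are absent.
        "missing": sorted(required - set(images)),
        # Native code loaded from outside the IIS directory deserves review.
        "outside_inetsrv": sorted(n for n, img in images.items()
                                  if not img.lower().startswith(INETSRV)),
    }


if __name__ == "__main__":
    for finding, names in audit_modules(SAMPLE_CONFIG).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

Because Server Core has no managed code support, the script is meant to run on a management workstation against a copied configuration file rather than on the server itself.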