
Nov 5, 2013 (3 years and 9 months ago)

Managing PHP and PHP Applications on Windows


Drew Robbins

Developer Evangelist

Microsoft Corporation

Today’s Agenda…

IIS 6.0 and IIS 7.0 Pillars

Configuring PHP Applications

Securing PHP on Windows

Extending PHP Applications

Managing your IIS 7.0 Systems

Troubleshooting & Diagnostics

Summary

Scale-up/scale-out

Kernel-mode caching

Integrated application platform

Scalability

XML-based configuration

Command line administration

Remote administration

System Management

Fault tolerant architecture

Health monitoring

Intelligent queuing

Reliability

Secure by default

Secure by design

Secure in deployment

Security

IIS 6.0 Pillars

To the Next Level, IIS 7.0 Pillars

Distributed, delegatable configuration

Rich Extensibility

Integrated Configuration for Web Platform

Config

Innovative, Brand-new IIS Manager

AppCmd.exe: Command line administration

Http & Https Remote administration

System Management

Brand-new State API

Easy-to-setup & Use Failed Request Tracing

IIS & ASP.NET Integrated Diagnostics

Diagnostics

Customized, Componentized Web Server

Reduced management of Patches

URLScan built-in Functionality

Security

Brand new Win32 API

Integrated support for iHttpModules (ASP.NET)

Extensibility

Secure

Reliable

Scalability

IIS 7.0

Metabase is gone

Central File: ApplicationHost.config

Strongly typed Schema

Uses ASP.NET semantics for .config files

Full Distributed Configuration

Use only ApplicationHost.config using IIS 7 defaults

Unlock: Give application developers control of individual sections, collections, elements, and more!

New scripting and command line tools for configuration.

Configuration & IIS 7.0
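
An added illustration of the locking and unlocking described on this slide, not taken from the presentation: a constructed applicationHost.config fragment in which the handlers section stays locked server-wide and is unlocked for one site only, while request filtering (the built-in URLScan functionality the deck mentions) is enforced for that site and kept locked. The site name NewSite is borrowed from the deck's WMI script; the declared defaults, the filtered extension, the hidden segment and the limits are assumed values.

```xml
<!-- Constructed fragment of %windir%\System32\inetsrv\config\applicationHost.config -->
<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <!-- Deny: no web.config may redefine handler mappings unless unlocked below -->
      <section name="handlers" overrideModeDefault="Deny" />
      <!-- Allow: low-risk section delegated to every site -->
      <section name="defaultDocument" overrideModeDefault="Allow" />
      <sectionGroup name="security">
        <section name="requestFiltering" overrideModeDefault="Allow" />
      </sectionGroup>
    </sectionGroup>
  </configSections>

  <!-- Unlock handlers for one site only, so its web.config may add its own mapping -->
  <location path="NewSite" overrideMode="Allow">
    <system.webServer>
      <handlers />
    </system.webServer>
  </location>

  <!-- Enforce request filtering for the same site and lock it against web.config changes -->
  <location path="NewSite" overrideMode="Deny">
    <system.webServer>
      <security>
        <requestFiltering>
          <fileExtensions allowUnlisted="true">
            <!-- Assumed: include files must never be served as source text -->
            <add fileExtension=".inc" allowed="false" />
          </fileExtensions>
          <hiddenSegments>
            <!-- Assumed directory name; requests containing this segment are rejected -->
            <add segment="includes" />
          </hiddenSegments>
          <!-- Assumed limits: 10 MB body, 2048-byte URL, 1024-byte query string -->
          <requestLimits maxAllowedContentLength="10485760" maxUrl="2048" maxQueryString="1024" />
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
</configuration>
```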

Demonstration One

Configuring PHP

Slim & Efficient

Install only the components you need

Reduce attack surface to minimum

Five times more granular than existing IIS versions

Servicing and patching on a per component basis

If you don’t install it, you won’t need to patch it

Security & IIS 7.0

Demonstration Two

Securing PHP on Windows

Core Server

Brand new Win32 Native Interface

ALL IIS modules written using this interface

Unlike ISAPI, IIS team uses this very API just like you will

Full ASP.NET 2.0 Support

iHttpModule interface available and supported TODAY

ASP.NET 2.0 Handlers run exactly as they do today

Configuration

Fully extensible using XML schema files

IIS Manager (User Interface)

Using .NET 2.0, extend IIS Manager capabilities

Diagnostics

Add your events directly into our pipeline

Extensibility & IIS 7.0

Today’s “Request Pipeline”

[Diagram. Labels, in page order: w3svc; http.sys; cgi, static file, ISAPI exts (handlers); pre-proc headers, auth’c req, url map, log, end net session (ISAPI Filter Notifications); aspnet_isapi.dll; IHttpModule Events: url map, begin req, auth’c req, auth’z req, resolve cache, handler map, handler exec, update req cache, rel req state, end req; IHttpHandlers: Trace.axd, PageHandler; w3wp.exe]

The New Merged IIS7 Pipeline

[Diagram. Labels, in page order: custom errors, authentication, logging, compression, determine handler; pipeline stages: begin, authenticate, authorize, resolve cache, map handler, acquire state, pre-execute handler, execute handler, release state, update cache, log, end; forms auth, windows auth, digest auth, basic auth; IHttpModule; *.aspx, trace.axd (IHttpHandler); isapi ext, static file; Native Module; Native Handler; native modules; managed modules; role mgr; url auth’z; was; http.sys]

Demonstration Three

Extending PHP

Wizards that fully-complete common tasks

Fully delegable support to Windows/Non-Windows accounts

Enhanced support for common ASP.NET configuration

Wizard-based support for IIS Troubleshooting features

System Management & IIS 7.0: User Interface

Re-built WMI provider offering full support for new configuration

Fully extensible to allow support for your custom code

System Management & IIS 7.0: WMI Provider

Set oService = GetObject("winmgmts:root\WebAdministration")

' Create binding for site
Set oBinding = oService.Get("BindingElement").SpawnInstance_
oBinding.BindingInformation = "*:80:www.site.com"
oBinding.Protocol = "http"

' Create site
oService.Get("Site").Create _
    "NewSite", array(oBinding), "C:\inetpub\wwwroot"

' Create application
oService.Get("Application").Create _
    "/foo", "NewSite", "C:\inetpub\wwwroot\foo"

AppCmd.exe offers quick access to new IIS 7 configuration

Quick, efficient access to new IIS 7 configuration

Mirrors *.vbs files from IIS 6.0

Built-in “pipe” support

System Management & IIS 7.0: AppCmd.exe

C:\> appcmd list sites
SITE "Default Web Site" (id:1,bindings:HTTP/*:80:,state:Started)
SITE "Site1" (id:2,bindings:http/*:81:,state:Started)
SITE "Site2" (id:3,bindings:http/*:82:,state:Stopped)

C:\> appcmd list requests
REQUEST "fb0000008000000e" (url:GET /wait.aspx?time=10000,time:4276 msec,client:localhost)


WMIv2 & ADSI Support

Existing Scripts will “just work”

Installing Metabase support is easy

Low-level interface to “re-route” Admin Base Object (ABO) calls to new configuration

Relies on the Inetinfo.exe service being present and loaded

System Management & IIS 7.0: Compatibility

Demonstration Four

Managing IIS 7.0

New, in-process state information available

Current processes running

Application Pools Process Id (PID)

Currently executing requests

AppDomains loaded

Real-time starting & stopping of sites

Troubleshooting & Diagnostics in IIS 7.0: RSCA

Coolest feature of ’em all…

Failed Request Tracing traces all requests through IIS pipeline

Automatically enabled on IIS 7

Easily identifies requests that are stuck or failing

Identifies time taken in each module, helping analyze long-running requests


Begin Request

Read Metadata

Authenticate

Authorize

Cached

ISAPI Filter

Determine Handler

Troubleshooting & Diagnostics in IIS 7.0: FREB

Demonstration Five

Failed Request Event Buffer

IIS 7 Extensibility

Maximum extensibility

Native & Managed Code support

Platform extensibility in Core Server, WMI, User Interface, and Diagnostics

Putting it all Together…Summary

IIS 7.0

Security

Reliability

Scalable

Extensible

Config

System Management

Diagnostic

IIS 7 Management

IIS Manager rebuilt from ground up

Built in delegation support

Support Windows & non-Windows accounts

Remote admin support

Fully extensible

IIS 7 Security:

Very strong customized web servers

Lightweight processes for minimum footprint

Strong Request Filtering to push URLScan into product

IIS 7 Diagnostics

Real-time state information exposed via script & managed code

View currently executing requests in IIS Manager or Script

Failed Request Tracing: Zero-repro diagnostics

IIS 7 Configuration

Metabase…GONE!

Strongly Schematized Configuration

Distributed & Delegation built directly into new configuration

Full support for previous versions usage of ABO

IIS’s new home for the community…

Resources

Technical Chats and Webcasts

http://www.microsoft.com/communities/chats/default.mspx


http://www.microsoft.com/usa/webcasts/default.asp

Microsoft Learning and Certification

http://www.microsoft.com/learning/default.mspx

MSDN & TechNet

http://microsoft.com/msdn

http://microsoft.com/technet

Virtual Labs

http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

Newsgroups

http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx

Technical Community Sites

http://www.microsoft.com/communities/default.mspx

User Groups

http://www.microsoft.com/communities/usergroups/default.mspx

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.