Windows Server 2008 R2 Unleashed (81 page)

on Windows Server 2008 R2. The minimum server requirements are based on Windows

Server 2008 R2. It is a best practice, however, to stick with multiple dual- or quad-core

processors, fault-tolerant disks such as RAID 1 running at 15K rpm, and use as much RAM

as needed, depending on how many sites and users you will be hosting. For more informa-

tion on recommended Windows Server requirements, review Chapter 1, “Windows Server

12

2008 R2 Technology Primer,” or for server performance tuning, network optimization, and

SSL off-loading, see Chapter 34, “Capacity Analysis and Performance Optimization.”

Determining Fault-Tolerance Requirements

Fault tolerance is a key aspect of any web infrastructure and should be addressed during

planning and designing phases, regardless of whether an organization can afford down-

time of its websites or requires 99.999% uptime. In view of this, service-level agreements

(SLAs) are highly recommended and should be determined from the operational goals

during the design and planning phase. After an SLA is in place, it will be easy to apply the

appropriate fault tolerance to the web infrastructure because expectations and tolerances

are clearly defined and previously agreed upon by everyone involved in the process.

Various technologies can be applied to a Windows Server 2008 R2 web infrastructure to

support even the most demanding SLAs. For example, Windows Server 2008 R2 web

ptg

servers can use Network Load Balancing (NLB) to distribute the load and client requests

among multiple web servers, and provide fault tolerance. This is also known as scaling IIS

by creating a web server farm. NLB is more suited for scaling web servers than Microsoft

Cluster Service in a failover cluster scenario to provide fault tolerance as the IIS compo-

nents are not cluster aware.

NLB on Windows Server 2008 R2 also offers many new features and functionality, which

makes it more appealing. For instance, NLB offers support for multiple dedicated IP

addresses per node. For a complete list of NLB features, benefits, and step-by-step proce-

dures, see Chapter 29, “System-Level Fault Tolerance (Clustering/Network Load

Balancing).”

Installing and Upgrading IIS 7.5

The installation process and architecture for many of Microsoft’s new products that have

been or will be released in the upcoming years are completely modularized like Internet

Information Services 7.5 on Windows Server 2008 R2. By providing a modularized

approach, web administrators have complete control over the footprint of IIS when

customizing the installation. This results in the surface area being reduced, which, in turn,

drastically minimizes the chances of a security compromise.

NOTE

As part of the Microsoft Trustworthy security campaign, IIS is not installed on Windows

Server 2008 R2 by default. You have to add the Web Server (IIS) role via Server

Manager if you want IIS installed.

384

CHAPTER 12

Internet Information Services

Before installing or upgrading Internet Information Services, it is a best practice to fully

understand the new modular installation process, including the features associated with

the installation.

Understanding the Modular Approach to Installing IIS 7.5

The new buzzword for Internet Information Services 7.5 modularized installation process

is “slim and efficient.” The modular setup is made up of more than 40 separate feature

modules allowing for complete customization when deploying IIS 7.5. This typically

results in minimal surface area and more granularity compared with older editions of IIS.

In addition, even patching is based on a component level. All of this translates to a

customized footprint for each organization running IIS 7.5.

As illustrated in Figure 12.3, the modules, also known as “role services” or “components,”

that can be selected during the installation process of the Web Server (IIS) role consist of

the following:

. Web Server

. Management Tools

. FTP Server

ptg

The following sections depict the modular role services, including an explanation for each.

Web Server Modular/Role Service

The Web Server modular is the main service role within IIS 7.5. It can be considered the

chief functionality for a web server because it provides the foundation for supporting

FIGURE 12.3

Reviewing the role services and feature installation options.

Installing and Upgrading IIS 7.5

385

websites and provides developers with a foundation for development. The Web Server role

is further broken down into more types of features, which can be independently installed,

which promotes further customization of the installation:

.
Common HTTP Features—
A set of features that allow for static content to be

delivered, the creation of customized HTTP errors, directory browsing, and selection

12

of default documents are enabled by default. The HTTP Redirection and WebDAV

publishing features are disabled by default.

.
Application Development—
This feature set is not enabled by default during the

installation. If selected, the Application Development role service makes available

features for creating and hosting web applications. These features include ASP.NET,

.NET Extensibility, ASP, CGI, ISAPI Extensions, ISAPI Filters, and Server-Side Includes.

.
Health and Diagnostics—
Select this feature to install the tools associated with

monitoring, managing, and troubleshooting an IIS installation. The independent

features include HTTP Logging, Logging Tools, Request Monitor, Tracing, Custom

Logging, and ODBC Logging.

.
Security—
The Security role service includes security features for controlling website

authorization based on authentication alternatives. In addition, it provides the infra-

structure for securing IIS and the websites associated with the installation. The

ptg

features that can be selected include Basic Authentication, Windows Authentication,

Digest Authentication, Client Certificate Mapping Authentication, IIS Client

Certificate Mapping Authentications, URL Authorization, Request Filtering, and IP

and Domain Restrictions.

.
Performance—
Performance features such as Static Content Compression and

Dynamic Content Compression bolster website performance by managing band-

width and compression.

Management Tools Modular/Role Service

The next role service associated with the Web Server (IIS) role installation is Management

Tools. The management tools provide the means of managing and administering the IIS

7.5 infrastructure. The following bullets explain the different management tools available

for installation:

.
IIS Management Console—
If selected, the IIS Management Console feature

installs the latest User Interface tool for managing, administering, monitoring, and

securing IIS 7.5. The tool has been much improved and provides support for both IIS

and ASP.NET.

.
IIS Management Scripts and Tools—
It is now possible to manage all of the IIS

settings and configurations based on automated script commands. This feature

provides the infrastructure that allows IIS to be managed by scripts. This is great

when there is a need to manage many IIS 7.5 servers within an infrastructure.

.
Management Service—
This feature provides the foundation within the IIS 7.5

infrastructure for remote management.

386

CHAPTER 12

Internet Information Services

.
IIS 6 Management Compatibility—
This feature provides the tools for backward

compatibility when managing an IIS 6.0 infrastructure from a Windows Server 2008

system running IIS 7.5. In addition, it lets IIS 6.0 management scripts run on IIS 7.5.

FTP Server Modular/Role Service

The next role service is known as the FTP Server. It provides a reliable method for making

files available for download and also offers a reliable place for users to upload files if

needed. The three FTP features that can be installed are as follows:

.
FTP Service—
The FTP Service feature provides the infrastructure for creating and

hosting FTP sites within IIS.

.
FTP Extensibility—
This features enables support for custom providers and

ASP.NET/IIS Manager users.

.
IIS Hostable Web Core Role Service—
The last role service allows an administrator

the potential to write custom code that will host core IIS functionality in your own

application.

Installing the Web Server (IIS) Role

Now that you understand the installation process, including the modules, the next step is

to install the Web Server (IIS) role. You must have Local User Administrator (LUA) security

ptg

privileges on the Windows Server 2008 R2 system to be able to install IIS. There are two

ways to begin the installation: adding the Web Server (IIS) role via Server Manager or

installing the services via the command line.

To install the Web Server (IIS) server role using Server Manager, follow these steps:

1. Click Start, Administrative Tools, Server Manager. The Server Manager tools appear.

2. Right-click Roles in the left pane of Server Manager, then select Add Roles.

3. On the Select Server Roles page, install IIS 7.5 by selecting Web Server (IIS) in the

Roles section, as shown in Figure 12.4. A dialog box pops up, informing you about

additional features required for Web Server (IIS). Click Add Required Features, and

then click Next.

4. Review the introduction messages and notes on the Web Server (IIS) page, and

click Next.

5. Select the desired Web Server IIS role services and features to install. The default

settings include Static Content, Default Document, Directory Browsing, HTTP Errors,

HTTP Logging, Request Monitor, Request Filtering, Static Content Compression, and

the IIS Management Console Management Tool. Click Next. The Confirm

Installation Selections page appears.

NOTE

When installing some of the IIS components, the wizard warns you that additional ser-

vices and features are required as dependencies. Click Add Required Role Services in

the Add Roles Wizard to install the dependencies. These dependencies might include

components of the new Windows Process Activation service.

Installing and Upgrading IIS 7.5

387

12

FIGURE 12.4

Selecting the Web Server (IIS) role during the installation process.

ptg

6. On the Confirm Installation Selections page, review the roles, services, and features

that have been selected for installation, and then click Install to commence the

installation process.

7. Ensure the installation succeeded by reviewing the messages on the Installation

Results page, and click Close.

NOTE

After the installation is complete, additional IIS role services and features can be

added or removed by clicking either Add Role Services or Remove Role Services within

Server Manager based on the Web Server (IIS) role.

Installing the Web Server (IIS) Role via the Command Line

Windows features and roles such as IIS 7.5 can be installed using the command line. To

install a default installation of IIS 7.5, run the following script from a command-line

window:

start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;