Deploying Windows 2000 with IIS 5.0 for Dot Coms: Best Practices

By Ram Papatla, rpapatla@microsoft.com

Operating System

Abstract

This paper recommends a series of best practices for deploying the Microsoft® Windows® 2000 operating system and Internet Information Services 5.0 in a dot-com environment. The information and conclusions in this document were compiled while deploying systems for major dot-com businesses in the Windows 2000 Joint Development Program. Each section provides links to online documents that will be helpful in carrying out these recommendations.

Acknowledgments

Contributors

Blair Shaw

Michael Murphy

Technical Writing

Chris Norred

Introduction

A year before the release of the Windows® 2000 operating system, Microsoft teamed with several partners, including several dot-com businesses, to deploy and test the new operating system. These partners included a diverse group of businesses ranging from Super Markets Online to Dell.com. The program, known as the Joint Development Program, helped Microsoft fine-tune its product. From these partnerships, Microsoft developers and engineers learned valuable lessons about the best practices for customers to follow when deploying Windows 2000 with its integrated Internet Information Services (IIS) 5.0 in a dot-com environment. The recommended practices in this paper focus on issues faced by dot-com enterprises. These recommendations can help you avoid some common pitfalls and make the best choices for your organization. Along with each recommended practice, this paper includes links to online documents and resources for more detailed reading and explanations.

Deploying the Windows 2000 operating system in a dot-com environment requires planning and preparation. You should start by understanding the capabilities and features of Windows 2000. Then determine how your dot com can take advantage of them. Assess your needs going forward, analyze your current system, verify operating system requirements, and prepare a deployment plan that includes testing.

IIS 5.0 can get up and running in minutes because it is integrated with Windows 2000. This makes it even easier to create rich, dynamic content and build Web-based business applications for your corporate intranet and Internet sites. IIS 5.0, which ships as part of Windows 2000, significantly improves reliability, availability, performance, management, security, application environment, and scalability.

Microsoft continues to gain experience by working with partners to deploy the new operating system in new environments. This white paper will be updated occasionally to reflect new learning about the best practices. Updates will also reflect advances in technology, such as fixes included in service packs, that resolve earlier problems.

Planning a Migration

Planning is perhaps the most important phase in any project that affects enterprise computer systems. Without sufficient planning, you're more likely to overlook important steps or fail to prevent predictable problems. As a result, vital systems can become unavailable, and day-to-day business operations can be disrupted and revenues lost. With careful planning, however, the new system can meet or even exceed your expectations with minimal disruptions, and greatly enhance your business. Migrating a Web server involves creating a vision and scope, and writing a functional specification. The following articles on Microsoft TechNet provide more planning information. The first three chapters of the Windows 2000 Server Deployment and Planning Guide (from the Windows 2000 Resource Kit) include a thorough discussion of planning and migration. The recommendations and references in this section can help you plan the migration of your dot com to IIS 5.0 on Windows 2000.

Recommendation: Understand and document the steps for planning a Web server migration project.

System Readiness and Compatibility

Windows 2000 with IIS 5.0 introduces a new platform and architecture for dot-com business computing. You may need to update some of your hardware and software. Most problems encountered during upgrade testing for JDP dot-com customers involved third-party hardware and software products that were incompatible with Windows 2000. Microsoft provides an online tool, the Readiness Analyzer, to generate a custom report listing known hardware and software compatibility issues that arise when upgrading systems to Windows 2000. Note that this report does not provide information for all third-party hardware and software that you may be running on your system.

Many hardware and software manufacturers will be putting out updates and patches to allow their products to work with Windows 2000. You should take the time to contact these manufacturers to help you determine if your existing systems and software will be compatible with Windows 2000.

On each computer, running winnt32 /checkupgradeonly at the Setup command line helps you identify compatibility issues specific to that machine. This command checks for upgrade compatibility with Windows 2000. For Windows 95 or Windows 98 upgrades, it creates a report named Upgrade.txt in the Windows installation folder. For Windows NT® 3.51 or 4.0 operating system upgrades, it saves the report to the Winnt32.log in the installation folder. Running winnt32 /? will provide a description of the different switches that you can use when migrating your system to Windows 2000.

Such tools will help you discover readiness and compatibility issues, and plan accordingly. The following recommendations will help you assess the readiness of your production systems to make sure your hardware and software will run on Windows 2000.

Run winnt32 /checkupgradeonly to help you identify and eliminate any compatibility issues. Run winnt32 /? for a description of the different switches that you can use when upgrading.

Recommendations:

Obtaining the Latest Windows 2000 Service Pack

Service packs are the means by which Windows 2000 fixes are distributed. Service packs keep the operating system up to date, adding things such as updates, system administration tools, drivers, and additional components. All are conveniently presented for easy downloading. Service packs are cumulative—each new service pack contains new fixes and all of the fixes from previous service packs. You do not need to install a previous service pack before you install the latest one.

Recommendations:

Microsoft Server Products Service Packs

Many dot-com businesses deploying Windows 2000 also use some of the popular Microsoft Server products, such as Exchange Server or Site Server. You should review the list of service packs required for Microsoft server products to run on Windows 2000. Previous versions of Microsoft server products most likely require software updates to run on Windows 2000. Microsoft is releasing service pack updates for each server product to ensure compatibility with Windows 2000. These service packs are available to order or download.

Recommendation: Review the list of service packs for Microsoft Server products to run on Windows 2000.

Microsoft Systems Management Server 2.0 Service Pack 2

Systems Management Server 2.0 is the configuration management tool for networks with hundreds or thousands of workstations. SMS Service Pack 2 is designed to address specific customer suggestions and to ensure compatibility with Windows 2000. You can download the Service Pack, order the CD online, or call 1-800-370-8758 to order a CD (allow 4-6 weeks for delivery). For more information about Systems Management Server 2.0 Service Pack 2 including a complete list of what has changed in the service pack, review the release notes contained in the Installation Readme and Operation Readme files available online and included with Service Pack 2.

Recommendation: Install SMS Service Pack 2.

Planning a Dot-Com Site

The following recommendations will help you plan and build your dot-com site. These recommendations were proven by dot-com customers in JDP deployments as the methods that take best advantage of the advanced features in Windows 2000 with IIS 5.0. These recommendations will help you ensure that your system delivers top performance, scalability, reliability, and security. These recommendations can also help reduce total cost of ownership (TCO).

IIS 5.0

Internet Information Services 5.0 runs within Windows 2000. It uses other services provided by Windows 2000, such as security services and the Active Directory™ service. IIS 5.0 incorporates advanced features in Windows 2000 to improve reliability, performance, management, security, and application services. With IIS 4.0, Microsoft focused on security, administration, programmability, and support for Internet standards. IIS 5.0 has enhanced features and capabilities to deliver Web sites, and it is easier to use than prior versions.

Recommendation: Read a quick overview of Internet Information Services 5.0.

Process Isolation

A common technique to protect your main IIS process is to run Web applications in their own memory space, that is, to run them out-of-process. This technique, known as process isolation, improves server stability by protecting the main IIS process even if an application crashes. However, process isolation may have performance tradeoffs. IIS 4.0 provided process isolation as a choice with the Run in separate memory space option in the Internet Service Manager console. IIS 5.0 offers more isolation options, allowing you to set isolation levels at Low, Medium, or High under the Application protection setting in the ISM console. You should thoroughly understand the pros and cons of each setting, and its impact on reliability and performance. It is important to note that Medium is the default setting for Active Server Pages (ASP) in IIS 5.0. The Medium option operates on the new concept of a pooled process, meaning that every Web application set to Medium will share the same instance of Dllhost.exe. This is a new feature that delivers an option requested by many Microsoft customers. It offers a compromise between the reliability of process isolation and the performance tradeoffs in IIS 4.0. Typically, Medium isolation performance in IIS 5.0 is better than in-process applications running under IIS 4.0.

During testing, benchmark the effect of your process isolation choice using Microsoft's Web Application Stress (WAS) tool. This will help you understand how your Web site will scale with each isolation choice. A major e-commerce site trying to serve many customers as quickly as possible may choose the low (in-process) setting. On the other hand, an online trader for whom any downtime could prove dire would choose the high (isolated) setting.

Recommendation: Understand Process Isolation levels (Low, Medium, and High) for IIS 5.0.

Microsoft .NET and Windows DNA

The Microsoft® Windows Server System™, the comprehensive family of server applications for building, deploying, and managing scalable, integrated, Web-based solutions and services, has evolved from Windows® DNA, a platform for building and deploying interoperable business Web sites. DNA has often been described as a three-tiered model because Web applications are segmented into three logical tiers of functionality: presentation services, business services, and data services.

Key concepts of Windows DNA include:

  • Interoperability. Windows DNA greatly simplifies integration, so you can use the systems you already have in place.

  • Scalability. Windows DNA enables you to scale out your Web-based applications.

In the evolution to .NET, applications will expose functionality as a set of "Web services" to end users and/or developers. Windows DNA applications can be extended to become Web services, which can then be integrated and orchestrated with other Web services using the Microsoft .NET Framework. The development, deployment and management of these new applications and services will be greatly simplified by new .NET tools and technologies delivered by Microsoft.

Recommendation: Create an architecture for your site that takes advantage of Microsoft .NET.

E-Commerce White Paper Series

The high levels of reliability and availability required of business-to-consumer Web sites require great technology, but they also require great operational processes. Microsoft has gathered information from industry experience and best practices to help you set up and run operational processes. This information is available in the Enterprise Services frameworks, including:

Recommendation: Read white papers drawn from these frameworks that are relevant for e-commerce enterprises.

Network Load Balancing

The Network Load Balancing (NLB) service enhances the availability and scalability of Web servers. You can cluster up to 32 servers running Windows 2000 Advanced Server to evenly distribute incoming traffic while also monitoring the health of servers and network adapters. The dual benefits of simple, incremental scalability and high-availability make NLB ideal for use with business-critical e-commerce, hosting, and Terminal Services applications. NLB introduces the concept of software scaling, or scaling out, in which administrators can add capacity to their server farms by simply plugging in additional NLB-configured servers as needed. Benefits include scalable performance, rolling upgrade support to reduce planned downtime, automatic detection and restart of failed computers, automatic distribution of the network load, and integration with Windows 2000 Advanced Server.

Recommendation: Use the Network Load Balancing (NLB) service built into Windows 2000 Advanced Server to create scalable and available Web farms.

Transaction Cost Analysis

Transaction Cost Analysis (TCA) is an important management tool for dot-com businesses. This tool helps you determine the traffic load necessary to generate the business anticipated. You must design and build your Web site and applications with capacity to handle this load. The TCA tool is part of the Microsoft Commerce Server application. The purpose of capacity planning for Internet services is to ensure the best acceptable performance while minimizing the total dollar cost of ownership. You can use TCA methodology to simulate client transactions on your dot-com site with a load-generation tool. TCA can be used to measure the cost, in terms of CPU usage, of individual shopper operations, such as browsing, adding an item to the shopping cart, checking out, searching, registering, and so on. The capacity of a site is determined by dividing the costs of shopper operations into the total CPU capacity available for the server. Once you understand the cost and relative frequency of each shopper operation, you can view the performance numbers for a site's pages to see where the bottlenecks are, and to see where you can optimize performance to improve the site's capacity.

Recommendation: Use Transaction Cost Analysis (TCA) for site capacity planning based on your existing site in production.
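The capacity calculation described above, carried through as an added example (it is not from this paper or from the Commerce Server TCA tool). The megacycle unit, the server size, the load-test measurements, the per-session usage profile and the usable-CPU headroom are all constructed assumptions.

```python
"""TCA capacity estimate: per-operation CPU cost divided into server CPU capacity.
Every figure below is constructed sample data, not a measurement from the paper."""
from dataclasses import dataclass
from math import floor


@dataclass(frozen=True)
class Server:
    cpus: int
    mhz_per_cpu: float

    @property
    def total_mhz(self) -> float:
        return self.cpus * self.mhz_per_cpu


@dataclass(frozen=True)
class LoadTestRun:
    """One load-generation run that exercised a single shopper operation."""
    operation: str
    cpu_utilization: float   # average busy fraction across all CPUs, 0 < u <= 1
    requests_per_sec: float  # sustained throughput during the run


def operation_cost(run: LoadTestRun, server: Server) -> float:
    """CPU cost of one operation in megacycles: MHz consumed / requests per second."""
    if not 0.0 < run.cpu_utilization <= 1.0:
        raise ValueError(f"{run.operation}: utilization must be in (0, 1]")
    if run.requests_per_sec <= 0:
        raise ValueError(f"{run.operation}: throughput must be positive")
    return run.cpu_utilization * server.total_mhz / run.requests_per_sec


def session_cost(costs: dict, profile: dict) -> float:
    """Megacycles one shopper session consumes, given operations per session."""
    missing = sorted(set(profile) - set(costs))
    if missing:
        # A profile entry without a measured cost would silently inflate capacity.
        raise ValueError(f"no measured cost for: {', '.join(missing)}")
    return sum(costs[op] * count for op, count in profile.items())


def max_concurrent_shoppers(server: Server, costs: dict, profile: dict,
                            session_seconds: float,
                            usable_fraction: float = 1.0) -> int:
    """Divide the per-shopper CPU demand into the CPU capacity kept for shoppers."""
    demand_mhz = session_cost(costs, profile) / session_seconds  # MHz per shopper
    return floor(server.total_mhz * usable_fraction / demand_mhz)


def cost_breakdown(costs: dict, profile: dict) -> list:
    """Operations ranked by share of session CPU cost (where tuning pays off)."""
    total = session_cost(costs, profile)
    shares = {op: costs[op] * n / total for op, n in profile.items()}
    return sorted(shares.items(), key=lambda kv: kv[1], reverse=True)


# Constructed inputs: a 2 x 500 MHz server and one load-test run per operation.
SERVER = Server(cpus=2, mhz_per_cpu=500.0)
RUNS = [
    LoadTestRun("browse", 0.60, 120.0),
    LoadTestRun("search", 0.80, 40.0),
    LoadTestRun("add_item", 0.50, 50.0),
    LoadTestRun("checkout", 0.90, 18.0),
]
# Constructed usage profile: operations per 10-minute shopper session.
PROFILE = {"browse": 12, "search": 4, "add_item": 2, "checkout": 1}
SESSION_SECONDS = 600

COSTS = {run.operation: operation_cost(run, SERVER) for run in RUNS}

if __name__ == "__main__":
    for op, cost in COSTS.items():
        print(f"{op:9s} {cost:6.1f} megacycles per request")
    print("capacity at 100% CPU:",
          max_concurrent_shoppers(SERVER, COSTS, PROFILE, SESSION_SECONDS))
    print("capacity at 75% CPU :",
          max_concurrent_shoppers(SERVER, COSTS, PROFILE, SESSION_SECONDS, 0.75))
    for op, share in cost_breakdown(COSTS, PROFILE):
        print(f"{op:9s} {share:6.1%} of session CPU")
```

Planning against a usable fraction below 100% leaves room for traffic spikes, which matters when a burst of expensive operations such as search or checkout arrives at once.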

Testing

Before you deploy Windows 2000 with IIS 5.0 on your Web servers, it is very important that you test your proposed design in an environment that simulates real-world scenarios as closely as possible. Not only does this help you find problems with your servers and the Web applications that you plan to deploy on them, but it also protects your production servers from being disrupted by unpredictable problems. It is best if you set up your tests in a controlled environment, such as a lab, and isolate the servers from extraneous loads. Concentrate the test servers on stressing your hardware setup and Web applications.

Testing plays a vital role in the success of your upgrade from IIS 4.0 to IIS 5.0. In your test environment, you could discover problems that would be disastrous to encounter on your live site. These might include issues that will affect your Web server's performance. You may discover that you need to add more RAM, or that the ASP application you were hoping to deploy along with your upgrade of IIS 5.0 has too many bugs to go on the Web. If you eliminate as many of these issues as possible during the testing stage, you will have a greater chance of a smooth upgrade.

Setting Up a Test Lab

A well-designed test lab provides a controlled environment for testing throughout the project life cycle—from experimenting with the technology, to comparing design solutions, to fine-tuning the rollout process. A good lab need not be a large resource or capital funding investment; it can range from a few pieces of hardware in a small room to a full-scale network in a data center environment. The test lab is an investment that can pay for itself many times over in reduced support and redeployment costs that arise from poorly tested solutions.

One common issue during deployments at the JDP dot coms was a lack of available equipment to use for a test lab. Building a test lab will require many clients to participate in stress and load testing. One easy solution is to use the developer machines as stress machines overnight to stress the application. Tools like the Microsoft Web Application Stress Tool (WAS) make it easy for client machines to participate. WAS will propagate the stress script to the clients and automatically engage the client machines in a stress exercise.

Recommendation: Before you deploy Windows 2000, test your proposed design in a lab environment that simulates and protects your production environment.

  • Building a Windows 2000 test lab.

  • Use developer machines overnight as stress machines for stress testing.

Stress and Load Testing

Dot-com businesses cannot overestimate the crucial benefits to be gained from simple stress testing and capacity planning. These tests ensure that online applications can handle the demands to keep the online businesses running. An organization should set capacity goals, such as a number of page-hits per minute that an application should handle. The WAS tool can simulate a high number of browser connections, which illustrates how your application will perform under real Internet or intranet traffic. This is particularly useful for Web sites that use lots of dynamic content. Simply selecting pages in your browser can create the script that provides this simulation. You should test each new page before releasing it to production. Use the planning tools mentioned earlier to establish a benchmark for the pages in your Web site, then test to make sure they handle the planned capacity. Continue testing after deployment to compare the application's live performance to the established goals.

Recommendation: Use the WAS tool for stress testing and capacity planning.

Setup Log

IIS 5.0 features a setup log, which tracks and lists every event during IIS setup. This can be useful for troubleshooting when you deploy IIS 5.0 in the lab or in production. Errors, missing files, and other failures can be tracked by searching the log for a keyword combined with "fail," as in "keyword_fail," to find the source of the failure. The log file can be used to debug installation difficulties that are discovered after attempting to install IIS.

Recommendation: When a failure occurs in IIS after upgrade, review the IIS 5.0 Setup log for more information.

Testing Application Compatibility

Start early to develop a plan for testing your Windows-based applications. Information in the pages below can lead you through the process of testing your applications for compatibility with Windows 2000.

Recommendation: Read testing guidelines.

Security and Authentication Mechanisms

Users who are familiar with the Windows NT Challenge/Response authentication mechanism in Windows NT Server 4.0 will not find it in Windows 2000. It has been replaced by Integrated Windows authentication. The Windows NT Challenge/Response authentication mechanism no longer appears in the management console. Windows 2000 has new authentication mechanisms, and administrators may benefit by using the chart referred to below as a handy reference to the new mechanisms replacing those familiar from Windows NT Server.

Recommendation: Understand the authentication mechanisms in Windows 2000.

Debugging

Debugging Resources

Once your applications are deployed in the test lab, you will begin to uncover bugs. Thorough testing and debugging prior to deployment is critical. Windows 2000 with IIS 5.0 provides new features for debugging applications. The Customer Support Diagnostics package contains symbols and debugging tools for diagnosing your system. These can help you resolve bugs on your own, or help you successfully pinpoint and resolve bugs with support services.

In addition to the traditional Windows NT debugging tools (DrWtsn32, Windbg/WindbgRM, kernel debugger (KD), NT software debugger (NTSD)/CDB, and so forth), a new set of debugger-related tools is included with the Windows 2000 Support Tools. This tool set includes debugger extensions that examine kernel data structures, tools for checking the memory pool, and an intelligent kernel memory-dump analysis tool.

These troubleshooting and development tools extend the functionality of existing debugging tools such as Kernel Debugger, provide new features upon which new debugging methodologies can be based, and provide development support.

Recommendation: Download the Windows 2000 Customer Support Diagnostics for obtaining symbols and debugging tools.

Debugging COM Applications

As their needs grow, many dot-com businesses add more powerful Component Object Model (COM)–based applications. Developers who take up COM to meet certain objectives for their online businesses may be more familiar with scripting models and often have questions about the more complex issues of debugging COM. The following online resources relate to debugging COM in Windows 2000 with IIS 5.0.

Recommendation: Check out the following resources for help debugging COM components in IIS.

Calling Product Support

When you need technical support from Microsoft, you can try self-help by searching the Personal Online Support site's extensive collection of articles from the Microsoft Knowledge Base. When you need assistance from a support professional, the following tips will help you reach a successful resolution to your problem(s):

  • Describe/Isolate the problem. The better the description of the problem, the easier it will be to isolate. If possible, make sure you can isolate the problem to a specific area.

  • Reproduce the problem. Describe in detail the steps the Support Professional can use to reproduce the problem.

  • Assess the impact of the problem. What is the impact of the problem on your product or business?

Recommendation: Gather information to prepare before contacting Microsoft Product Support. The following articles offer advice for using online self-help.

Troubleshooting Blue Screens

When a fatal system error occurs in Windows 2000, it enters debug mode for troubleshooting purposes. This appears as a blue screen and the first few lines look similar to the following:

   Stop 0x0000001e (c000009a 80123f36 02000000 00000246)
    Unhandled Kernel exception c000009a from 8123f26
    Address 80123f36 has base at 80100000 - ntoskrnl.exe

The following Knowledge Base articles contain information to help you identify the cause of the Blue Screen and gather more information about it before you contact Microsoft Product Support. You can also search the Microsoft Product Support site for more information about fatal system errors, and troubleshooting tips, using the keywords "kberrmsg," "kbtshoot," and "ntstop."

Recommendation: Read KB articles on Blue Screen information.
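A parser for the Stop-screen lines shown above, as an added example that is not part of the original paper. It extracts the bug-check code, the four parameters and a module-plus-offset signature that can be used for Knowledge Base searches or for grouping repeated crashes. The name tables are small excerpts, and the second sample input is constructed.

```python
"""Parse the first lines of a Windows NT/2000 Stop screen into a triage record."""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

HEX = r"(?:0x)?([0-9a-f]{1,8})"  # 32-bit value, with or without a 0x prefix
STOP_RE = re.compile(r"\bSTOP:?\s+" + HEX + r"\s*\(([^)]*)\)", re.I)
ADDR_RE = re.compile(
    r"\bAddress\s+" + HEX + r"\s+has\s+base\s+at\s+" + HEX + r"\s*-\s*(\S+)", re.I)

# Excerpts only; anything else is reported as not in the table.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
}
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
}


@dataclass(frozen=True)
class StopRecord:
    bugcheck: int
    params: Tuple[int, int, int, int]
    fault_address: Optional[int] = None
    image_base: Optional[int] = None
    module: Optional[str] = None

    @property
    def offset(self) -> Optional[int]:
        """Offset of the faulting address inside the named image, if known."""
        if self.fault_address is None or self.image_base is None:
            return None
        return self.fault_address - self.image_base


def parse_stop(text: str) -> StopRecord:
    stop = STOP_RE.search(text)
    if not stop:
        raise ValueError("no Stop line found")
    params = tuple(int(p, 16)
                   for p in re.findall(r"\b" + HEX + r"\b", stop.group(2), re.I))
    if len(params) != 4:
        raise ValueError(f"expected 4 Stop parameters, found {len(params)}")
    addr = ADDR_RE.search(text)
    if not addr:  # screens without an 'Address ... has base at' line
        return StopRecord(int(stop.group(1), 16), params)
    fault, base = int(addr.group(1), 16), int(addr.group(2), 16)
    if fault < base:
        raise ValueError("faulting address lies below the reported image base")
    return StopRecord(int(stop.group(1), 16), params, fault, base, addr.group(3))


def signature(rec: StopRecord) -> str:
    """Stable key for deduplicating crashes across servers."""
    where = f"{rec.module}+0x{rec.offset:x}" if rec.module else "unknown"
    return f"0x{rec.bugcheck:08X} {where}"


def describe(rec: StopRecord) -> str:
    name = BUGCHECK_NAMES.get(rec.bugcheck, "name not in table")
    lines = [f"Stop 0x{rec.bugcheck:08X} ({name})"]
    if rec.bugcheck == 0x1E:
        # For 0x1E, parameter 1 is the exception code and parameter 2 its address.
        code = rec.params[0]
        status = NTSTATUS_NAMES.get(code, "status not in table")
        lines.append(f"exception 0x{code:08X} ({status}) at 0x{rec.params[1]:08X}")
    if rec.module:
        lines.append(f"faulting image {rec.module}, offset 0x{rec.offset:x}")
    return "\n".join(lines)


# The three lines quoted on this page, verbatim.
PAGE_SAMPLE = """\
   Stop 0x0000001e (c000009a 80123f36 02000000 00000246)
    Unhandled Kernel exception c000009a from 8123f26
    Address 80123f36 has base at 80100000 - ntoskrnl.exe
"""
# Constructed sample in the comma-separated layout, with no Address line.
CONSTRUCTED_SAMPLE = "*** STOP: 0x0000000A (0x00000000,0x00000002,0x00000000,0x8013ABCD)"

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        record = parse_stop(sample)
        print(signature(record))
        print(describe(record), end="\n\n")
```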

Developer Resources

The Active Server Pages environment has been enhanced in IIS 5.0 with features that make it easier to use for scripters and Web application developers. The articles recommended below discuss how to get the most from these new features.

Recommendation: Understand and incorporate the new ASP 3.0 features.

Using Component Architecture

Components can provide benefits to your ASP application such as scalability, performance, and configuration and deployment flexibility. A COM object encapsulates a piece of compiled code that performs a small set of functions. It can be pulled into any program, but its main functionality remains the same. When you build an ASP project (or indeed any program), you can pull in that functionality as simply as you would make a call to a function that is defined within a program. Many projects or users can use COM objects at the same time due to COM architecture. Their encapsulation makes it easy to reuse code, and they can be distributed on different machines.

ASP Components

ASP components are COM objects that are written with Web use in mind. For example, instead of "printf," you might have "Response.Write" when sending output text, or a component might manipulate a database depending on input from a Web client. The fact that components are compiled code makes them much faster than performing the same functions with ASP code. Microsoft Transaction Server (MTS) allows you to manage your components no matter where they are located, and it allows you to manage transactions made by those components. In COM+ (available with Windows 2000), that functionality is expanded. Components can be written in any language that supports COM, like VB and VC++. They can be accessed by any other language like VB, VC++, VBScript, or JScript in ASP or in Windows Script Host. When creating a new version of a component, a developer uses a prescribed method that prevents it from breaking old applications that were written for the previous version of the component. By moving your business logic to component-based architecture, you open up a world of possibilities.

Recommendation: Move business logic into a component-based architecture.

COM+

COM+ is the next step in the evolution of Component Object Model (COM) and Microsoft Transaction Server (MTS). COM+ builds on and extends applications written using COM, MTS, and other COM-based technologies. COM+ handles many of the resource management tasks that developers previously had to program, such as thread allocation and security. Where applicable, COM+ can be used to develop enterprise-wide, mission-critical, distributed applications based on the Windows 2000 operating system.

Recommendation: Understand the advantages of upgrading to COM+.

Windows Script Host

The Windows Script Host (WSH) is a tool that allows you to run Visual Basic Scripting Edition and JScript natively within the base operating system, either on Windows 95 or Windows NT 4.0. Using the scripting languages you already know you can now write script to automate common tasks, and to create powerful macros and logon scripts.

Recommendation: Become knowledgeable in Windows Script Host built into Windows 2000 and incorporate it in your Web architecture.

WMI

Windows® Management Instrumentation (WMI) makes Windows extremely manageable using a consistent, standards-based, extensible and object-oriented interface. WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM), an industry initiative to develop a standard technology for accessing management information in an enterprise environment. The purpose of this initiative is to help companies lower their total cost of ownership by enabling powerful enterprise-class management of systems, applications and devices. Numerous companies are participating in the WBEM initiative, including BMC Software, Cisco Systems, Compaq Computer, Intel, and Microsoft.

Recommendation: Read the articles on WMI.

Microsoft Data Access Components Architecture

The Microsoft Data Access Components (MDAC) architecture provides a universal framework for exposing both traditional SQL-based database sources and non-SQL data stores such as documents or multidimensional sources. The architecture requires nothing of data except that it can be exposed in tabular form from an OLE DB data provider or ODBC data source. Microsoft ActiveX® Data Objects (ADO), Remote Data Service (RDS), or even OLE DB itself can then expose that data to the consumer application.

Recommendation: Read MDAC development tips and platform SDKs for database developers.

ADO 2.5 and XML

ActiveX Data Objects 2.5 provides built-in integration with ASP pages in IIS 5.0, and between Remote Data Service (RDS) 2.5 and ASP. ADO 2.5 can be used with ASP pages to generate XML directly from the server. Understand XML integration in ADO 2.5, ASP and the Document Object Model (DOM) in Windows 2000. The resources below describe XML, DOM, name spaces, using XML for server-side scripting, XML data islands and other developer resources.

Recommendation: Read up on XML and ADO 2.5.

SOAP

SOAP, the Simple Object Access Protocol, is a way to create widely distributed, complex-computing environments that run over the Internet using existing Internet infrastructure. For services to work together seamlessly, it must be easy to coordinate steps between services over the Internet and simple to create new and customized services. Microsoft's response to this challenge is to use existing Internet standards such as HTTP and XML to enable this kind of interoperability.

Recommendation: Review the documentation on SOAP.

Deployment

As JDP customers have deployed Windows 2000 with IIS 5.0 in their dot coms, a few issues have appeared. The following recommendations address these common issues and will help you plan for them or avoid them. The first recommendation below includes information, tools, and resources to make your Windows 2000 deployment easier. Unattended, automated deployments can greatly reduce the amount of time spent installing Windows 2000 on each computer.

Recommendations:

  • Use the Setup Manager deployment tool to simplify the creation of answer files for unattended installations.

  • Use Sysprep for new installations of Windows 2000 on systems with identical hardware. The latest version of Sysprep is available online: Windows 2000 System Preparation Tool, Version 1.1: https://www.microsoft.com/windows2000/downloads/deployment/sysprep/default.asp

  • Rename the computer using lowercase and uppercase letters as desired after Windows 2000 has been installed. This is the workaround for a bug discovered in Sysprep during JDP deployments. The bug causes the Mini-Setup Wizard to convert a machine name entered in lowercase letters to all uppercase letters.

  • Read the Windows 2000 Deployment Planning Guide and other deployment-related information. Windows 2000 – Planning & Deployment: https://www.microsoft.com/windows2000/library/planning/default.asp

SSL Connection Limits

Dot-com businesses must purchase enough Client Access Licenses (CALs) for all Secure Sockets Layer (SSL) connections. This requires careful planning for e-commerce, for example, to estimate the number of simultaneous connections that may be performing secure operations. In e-commerce, secure operations usually involve check-out transactions involving credit cards. If the SSL limit is exceeded, the additional connections will receive a 403.15 error message.

An SSL connection counter is set on the Web server. If you have 15 CALs, then the SSL connection counter is set to 15. This counter is decremented for both anonymous and authenticated users. If an anonymous user browses to a Web site and shops, then begins the payment transaction (transitioning into an SSL session), one SSL connection is consumed for that username. No CALs are consumed. SSL connections do not consume CALs, but the total number of SSL connections is limited to the number of CALs installed on the Web server. See the Knowledge Base article below for more information.

Recommendation: If you are experiencing this specific problem where the number of SSL connections is limited by the number of CALs, review the following Knowledge Base article:

Security Configuration

The Windows 2000 Internet Server Security Configuration Tool makes it easy to secure a Web server running IIS 5.0. It conducts an interview to determine what services you want to provide and the general way that you'd like for the server to operate. It then generates and deploys a policy to configure the server appropriately. Before using the tool, please be sure to read the Readme file included with it. The tool errs on the side of caution, and locks down many aspects of the system. It's important that you understand the effects this can have before deciding whether to lock down your server.

The HFCheck tool allows IIS 5.0 administrators to ensure that their servers are up to date on all security patches. The tool can be run continuously or periodically, against the local machine or a remote one, using either a database on the Microsoft Web site or a locally-hosted copy. When the tool finds a patch that hasn't been installed, it can display a dialogue or write a warning to the event log.

Recommendations Use the Security Configuration Tool and HFCheck to configure and maintain security.

Monitor and Observe

A good monitoring plan checks performance in all areas in the test lab, in a pilot deployment, and after deployment in production. To improve server performance, examine every part of the system for potential bottlenecks. Bottlenecks can be caused by inadequate or improperly configured hardware or by software settings in either IIS 5.0 or Windows 2000. Once you know how your server is performing, you can begin to make changes aimed at improving performance. The performance tuning paper cited below provides information on monitoring IIS 5.0–based servers in Windows 2000. Although much of the information also applies to IIS 4.0, a number of things are new with IIS 5.0.

Writing high-performance server applications requires that you monitor the traditional performance issues of desktop applications, plus things such as memory allocations, cache lines, caching data, thread proliferation, locking strategies, multiprocessor machines, blocking calls, measurement and analysis, multi-client testing, and real-world scenarios.

You can establish counters to monitor such areas. There are hundreds of performance monitor counters in Windows 2000. Counters help you determine where a bottleneck may be occurring. The performance tuning paper presents a roadmap to tracking down such bottlenecks. You can establish counters and save them, and the Performance Monitor tool will run them routinely, eliminating the need to reestablish counters each time you wish to check performance. You can set alerts on various counters. In addition, you should monitor the event logs at least every two days. When problems arise, these event logs will help detect the source.

Another new feature that was not available prior to IIS 5.0 is process accounting. This allows IIS 5.0 to track the amount of CPU time each ASP and Common Gateway Interface (CGI) application is using. The log files show the amount of time, to the millisecond, during a 24-hour period that any given application is running. This data is useful when trying to track down which applications are running the most on a server or if an application is taking too much processor time.

Designing Apps and Tuning Servers for Performance

To truly maximize the performance of your Web site, you must consider many separate issues. The articles recommended below discuss tuning your IIS 5.0 Web server, ASP performance, optimizing scripting languages, optimizing access to your data, optimizing client-side performance, cache use, and so forth.

Recommendation Review these guides to performance for Web server applications.

Monitoring Reliability and Availability of Windows 2000-based Server Systems

The Windows 2000 Server operating system contains tools to monitor various conditions of the operating system and the computer in general. This paper describes these tools, their metrics, and some of the commonly monitored conditions.

Recommendation Read the paper.

Management

After you deploy your dot-com Web site, you might like to sit back and relax. However, you can't. Besides updating the content, your site requires some routine management and maintenance. No matter how well you plan the development of your Web site, you are going to have at least a few errors or broken links appearing at some stage. It might not always be your fault. The Web depends on the unimaginably complex mass of inter-site and inter-page links to make it what it is. Maintaining and updating your share of these links is often the biggest headache of all for the site administrator. Windows 2000 with IIS 5.0 provides features and support for tools that you should take advantage of as you manage your site. During the JDP deployments, the following best practices were determined to be useful in managing a dot-com Web site.

Using Terminal Services

Windows 2000 Terminal Services is a technology that lets you remotely execute applications on a Windows 2000-based server from a wide range of devices over virtually any type of network connection. With the integration of Windows 2000 Terminal Services into the core server operating system, you can choose to deploy the latest Windows-based applications in a fully server-centric mode, where applications run entirely on the server.

Recommendation Use Terminal Services where applicable on your Web site.

Using the Provisioning tool

The Web Site Provisioning Tool for Windows 2000 allows ISPs to create and auto-provision new Web sites in a shared hosting environment on Windows 2000 servers, ensuring that they can set up new Web sites more quickly and conveniently.

Recommendation: Use the Provisioning Tool to set up new Web sites.

Creating a custom error page can be effective in helping you retain visitors who found your site through an old or partially broken link. As long as the link gets that visitor to your site (that is, it includes your domain) it doesn't matter if the path and filename are wrong. The visitor will get the custom error page. The error messages that your visitors see in the browser are just ordinary HTML pages. You can edit this file to customize it and, more importantly, add links to take the lost visitor to your home page or site map. You should also routinely test the site for general operations and broken links. Web applications contain multiple links to HTML pages, graphics, and other files. The larger the Web application, the more complicated verifying and maintaining these links can be. You can create link diagrams to identify the links between files in a Web application and to find broken links between items.

Recommendation Customize IIS errors, identify broken links, and establish routine Web testing.

IIS Reset

One of the most significant reliability improvements in IIS 5.0 and Windows 2000 Server is the reliable restart feature of IIS 5.0. It allows an administrator to restart Web services without rebooting the computer. By default, IIS 5.0 uses a new utility, IIS Reset, to restart your IIS services automatically if they fail. The downside is that you may not notice problems with the server so easily. Be sure to monitor the Event Log regularly. If you have to restart your Web service, IIS Reset makes it easier by allowing you to stop and restart IIS services and out-of-process Web applications with one command.

In the past, to restart IIS, an administrator needed to start up four separate services after every stoppage, and was required to have specialized knowledge, such as the syntax of the Net command.

Recommendation Use IIS Reset to restart Inetinfo.exe (IIS 5.0) from the command line or scheduler.
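Because automatic restarts can hide a failing service, the Event Log check recommended above can be scripted. The following Windows Script Host example is added here and is not part of the original paper; it assumes WMI is available, that the Service Control Manager records unexpected service terminations as events 7031 and 7034 in the System log, and that the IIS services appear in the event text under their display names.

```vbscript
' Added example (not from the original paper). Run with: cscript check-iis-restarts.vbs
' Lists recent System log events showing that an IIS service terminated unexpectedly,
' so that restarts handled automatically by the service recovery action are still noticed.
Option Explicit

Const LOOKBACK_DAYS = 2   ' matches the paper's "at least every two days" review interval

Dim wmi, events, evt, cutoff, hits
cutoff = DateToStamp(DateAdd("d", -LOOKBACK_DAYS, Date))

Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set events = wmi.ExecQuery( _
    "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'System' " & _
    "AND SourceName = 'Service Control Manager' " & _
    "AND (EventCode = 7031 OR EventCode = 7034)")

hits = 0
For Each evt In events
    ' TimeGenerated is a DMTF string (yyyymmddHHMMSS...); comparing the date
    ' prefix as text is a coarse, day-granularity filter.
    If Left(evt.TimeGenerated, 8) >= cutoff And IsIisService(evt.Message) Then
        hits = hits + 1
        WScript.Echo Left(evt.TimeGenerated, 14) & " event " & evt.EventCode & ": " & evt.Message
    End If
Next

WScript.Echo hits & " unexpected IIS service termination(s) in the last " & LOOKBACK_DAYS & " day(s)"
If hits > 0 Then WScript.Quit 1   ' non-zero exit lets a scheduled job raise an alert

' True when the event text names one of the IIS services (assumed display names).
Function IsIisService(msg)
    IsIisService = False
    If IsNull(msg) Then Exit Function
    IsIisService = (InStr(1, msg, "IIS Admin", vbTextCompare) > 0) Or _
                   (InStr(1, msg, "World Wide Web Publishing", vbTextCompare) > 0)
End Function

' Formats a date as yyyymmdd so it can be compared with a DMTF timestamp prefix.
Function DateToStamp(d)
    DateToStamp = Year(d) & Right("0" & Month(d), 2) & Right("0" & Day(d), 2)
End Function
```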

Administering Component Services

You can deploy and administer COM+ applications in two ways. You can use the Component Services administrative tool (a Microsoft Management Console snap-in) or you can write scripts to automate these processes with code that uses administration objects provided through the COMAdmin Library DLL. For a description of how to use these objects, see Automating COM+ Administration. It is found under Creating and Configuring COM+ Applications in the Component Services section of the Microsoft Platform SDK. Using scripts allows you to do things such as stopping Mtx.exe to replace a broken DLL.

Most Component Services administrative tasks involve shepherding completed development efforts into use on the network, and ensuring high performance and security for the deployed applications and components. Tasks may include configuring your system for Component Services, making initial services settings, installing and configuring applications, monitoring and tuning component services.
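The scripted approach described above, as an added Windows Script Host example that is not code from the original paper or from the Platform SDK: it uses the COMAdmin catalog object to shut down one server application by name so that a component DLL can be replaced. The application name ExampleStoreApp is hypothetical.

```vbscript
' Added example (not from the original paper). Run with: cscript stop-complus-app.vbs
' Shuts down one COM+ server application so its component DLL can be replaced.
Option Explicit

Const APP_NAME = "ExampleStoreApp"   ' hypothetical application name
Const ACTIVATION_LOCAL = 1           ' COMAdminActivationLocal: runs in its own server process

Dim catalog, apps, i, matched
Set catalog = CreateObject("COMAdmin.COMAdminCatalog")
Set apps = catalog.GetCollection("Applications")
apps.Populate

matched = False
For i = 0 To apps.Count - 1
    If StrComp(apps.Item(i).Name, APP_NAME, vbTextCompare) = 0 Then
        matched = True
        StopApplication apps.Item(i)
    End If
Next

If Not matched Then
    WScript.Echo "No COM+ application named " & APP_NAME
    WScript.Quit 2
End If

Sub StopApplication(target)
    ' Never stop the COM+ system applications from a maintenance script.
    If target.Value("IsSystem") Then
        WScript.Echo "Skipping system application " & target.Name
        Exit Sub
    End If
    ' Library applications load into the caller's process, so the DLL stays
    ' locked until that host process is restarted.
    If target.Value("Activation") <> ACTIVATION_LOCAL Then
        WScript.Echo target.Name & " is a library application; restart its host process instead"
        Exit Sub
    End If
    On Error Resume Next
    catalog.ShutdownApplication target.Key   ' Key is the application ID (GUID)
    If Err.Number <> 0 Then
        WScript.Echo "Shutdown failed: 0x" & Hex(Err.Number) & " " & Err.Description
        WScript.Quit 1
    End If
    On Error GoTo 0
    WScript.Echo "Stopped " & target.Name & " (" & target.Key & "); the DLL can now be replaced"
End Sub
```

Run the script under an account that holds an administrative role on the COM+ catalog; the application starts again on the next activation request.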

Recommendations:

Administering Web Services

Administering Web sites can be time consuming and costly, especially for people who manage large ISP installations. To save time and money, many ISPs support only large company Web sites, at the expense of personal Web sites. But is there a cost-effective way to support both? The answer is yes, if you can automate administrative tasks and let users administer their own sites from remote computers. This solution reduces the amount of time and money it takes to manually administer a large installation, without reducing the number of Web sites supported. IIS 5.0 offers technologies to help you.

Recommendation Automate administrative tasks, let users administer their own sites.

Windows Media Services

Windows Media Services is completely integrated with Windows 2000 Server, allowing you to integrate streaming multimedia into applications that facilitate corporate communications, e-learning, customer and sales support, news and entertainment services, and product promotions. With Windows Media Services, you can configure and manage high-quality digital media content across the Internet and intranets—delivering live and on-demand content to the maximum number of users.

Recommendation Integrate, share, and publish content with Windows Media Services when possible.

Intranets

Intranets are a powerful and convenient use of the technology you have deployed to run your dot com. Windows 2000 with IIS 5.0 supports Distributed Authoring and Versioning (DAV), which can be of significant value and convenience to your organization. During the JDP deployments, many customers expressed interest in learning more about deploying their technology in intranets.

Recommendation Deploy an intranet.

Summary

The Windows 2000 Server operating system integrates Internet technologies across all services. Internet Information Server 5.0 (IIS) is fully integrated at the operating system level, helping organizations quickly and easily add Internet capabilities that weave directly into the rest of their computing infrastructure. IIS 5.0 uses other services provided by Windows 2000, such as security services and the Active Directory™ service. It incorporates these advanced features of Windows 2000 to improve reliability, performance, management, security, and application services for dot-com businesses. Operating system features such as pooled process isolation and IIS Reset make Windows 2000 with IIS 5.0 more reliable for dot-com business computing. The best practices in this paper were compiled during deployments at major dot-com businesses taking part in Microsoft's Windows 2000 Joint Development Program. Developers and engineers who worked on the JDP deployments recommend that you follow these practices when setting up a dot-com business.

For More Information

04/00