IIS Administration

Course number: IIS-200
Duration: 2 days

This 2-day course teaches attendees the principles of web server administration for Microsoft's Internet Information Server (IIS) version 8, 8.5, and 10 (Windows Server 2012, 2012 R2, and 2016). Although other web development frameworks are mentioned, the course is primarily focused on hosting ASP.NET-based applications.

Comprehensive course manual
Detailed hands-on lab exercise manual
Training guide and slides for the course instructor

No prior IIS or web server administration experience is presumed.

The hands-on lab exercises are designed for an environment where each student has an instance of Windows Server.

Introduction

Role of a Web Server
Static and Dynamic Content
Security
Authentication and Authorization
Evolution of IIS
HTTP/2

Deployment Planning

Windows Server Editions
Nano Server
Windows Installation Options
Active Directory vs. Standalone
IIS Modules

Installation

Server Manager
PowerShell
Upgrading from a Previous Version of IIS
Automated Installation

Server Footprint

Folders and Files
System Services
Windows Users and Groups

Tools for IIS Administration

IIS Manager
AppCmd
PowerShell
Microsoft.Web.Administration API

Basic Administration Objects

Virtual Directories
Applications
Sites and Bindings
Application Pools

Configuration System

Architecture
Feature Delegation
Configuration Editor
Configuration Backups

Remote IIS Administration

IIS Management Service
Users and Permissions

Core Architecture

HTTP.sys
Worker Processes
World Wide Web Publishing Service (W3SVC)
Windows Activation Service (WAS)

Request Pipeline

Classic vs. Integrated Pipeline Mode
Request Lifecycle Events
IIS Modules
ISAPI Handlers and Filters
Static File Handler and MIME Types
Failed Request Tracing (FRT)
Modifying Execution Sequence
URL Rewriting

Monitoring and Logging

Real-Time Monitoring
Request Logging
IIS Sub-Status Codes
Application-Level Logging
Centralized and Cloud-Based Logging

Request Filtering and Limits

Blocking Improper and Malicious Requests
IP and Domain Restrictions
Dynamic IP Restrictions
Bandwidth Throttling
Connection Limits and Timeouts

Application Pool Performance

Worker Process Initialization
Automatic Recycling
Effects of Recycling
On Demand vs. Always Running
Idle Timeout
Idle Worker Process Page-Out
Overlapped Recycle
.NET Application Domain Recycling
CPU Affinity and Limits
Rapid Fail Protection

Application Pool Identity

App Pool Identity vs. Authenticated User
NTFS Permissions
Use of Domain Accounts
Interaction with Configuration System
Debugging Permission Issues

Authentication

Anonymous Authentication
HTTP Basic and Digest Authentication
Kerberos and NTLM Authentication
.NET Forms Authentication
Authentication for Web Services
Delegation

Authorization

NTFS-Based Authorization
URL-Based Authorization
Application-Level Authorization
Impersonation

Certificates and HTTPS

SSL, TLS, and HTTPS
Obtaining and Installing a Server Certificate
HTTPS Site Bindings
Server Name Indication (SNI)
Centralized Certificate Management
Certificate Rebind
Requiring HTTPS
Client Certificates
Client Certificate Account Mapping

Caching and Compression

Kernel-Mode Output Caching
User-Mode Output Caching
Downstream and Client Caching
Response Compression

.NET Session State

Session IDs
In-Process Session State
Using a State Server

Web Farms

Introduction
Shared Configuration
Shared Website Content
Session State
Machine Key
Load Balancing
Application Request Routing (ARR)

Web Application Deployment

Pushing vs. Pulling Content
FTP and WebDAV
Microsoft Web Deploy
Dev, Staging, and Production Environments
.NET Core and Kestrel
Deployment using Docker

Conclusion