About Configuring Servers for Applications

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Internet Information Services (IIS) 6.0 delivers Web hosting services through an adjustable architecture that you can use to manage server resources with improved stability, efficiency, and performance. IIS separates applications into isolated pools and automatically detects memory leaks, defective processes, and over-utilized resources. When problems occur, IIS manages them by shutting down and redeploying faulty resources and connecting faulty processes to analytical tools.

IIS can run in either of two mutually exclusive modes of operation:

  • Worker process isolation mode. This is the default mode of IIS 6.0, isolates key components of the World Wide Web Publishing Service (WWW service) from the effects of errant applications, and it protects applications from each other by using the worker process component. Use worker process isolation mode unless you have a specific compatibility issue that makes the use of IIS 5.0 isolation mode necessary. Web sites that serve static content or simple ASP applications should be able to move to IIS 6.0 running in worker process isolation mode with little or no modification.

  • IIS 5.0 isolation mode. With this mode, you can run applications that are incompatible with worker process isolation mode because they were developed for earlier versions of IIS. Applications that run correctly on IIS 5.0 should run correctly on IIS 6.0 in IIS 5.0 isolation mode.

Worker process isolation mode provides better default security for running Web applications than IIS 5.0 isolation mode. By default, worker processes run with the Network Service identity. The Network Service account has lower access rights than the default account for IIS 5.0 isolation mode. Web applications that run in-process in IIS 5.0 application mode run as LocalSystem. The LocalSystem account can read, execute, and change most of the resources on the computer.

The default isolation mode upon installing IIS 6.0 depends on whether you perform a clean installation or an upgrade.

  • After a clean install of IIS 6.0, IIS runs in worker process isolation mode.

  • After an upgrade from an earlier version of IIS 6.0, the isolation mode is the same as configured on the previously-installed version of IIS 6.0.

  • After an upgrade from IIS 5.0 or IIS 4.0, IIS 6.0 runs in IIS 5.0 isolation mode by default to maintain compatibility with your existing applications.

For information about switching from one isolation mode to the other, see Configuring Isolation Modes.

Worker Process Isolation Mode

IIS 6.0 introduces worker process isolation mode, which runs all Web applications in an isolated environment. When you run IIS in worker process isolation mode, applications can be configured to run in separate application pools. Each application pool is a logical representation of a configurable worker process and links to the applications in the pool. Worker processes operate independently of each other; they can fail without affecting other worker processes. The pooling of applications protects applications from the effects of worker processes that support other application pools. In this way, applications are protected from each other.

In worker process isolation mode, Hypertext Transfer Protocol (HTTP) requests are routed directly to an in-kernel application pool queue serving the configured application. Worker processes that serve an application pool pull the requests directly from the queue, avoiding process-switching overhead.

To further protect your WWW service, IIS 6.0 isolates critical World Wide Web Publishing Service (WWW service) components, such as the HTTP protocol stack (HTTP.sys) and WWW Service Administration and Monitoring, from the effects of third-party code running in worker processes. HTTP.sys receives and queues requests for WWW services. When a worker process enters an unhealthy state, and thus stops processing requests, HTTP.sys continues to process requests. Meanwhile, the WWW service detects that the worker process is unhealthy and shuts it down. If there is demand for a new worker process to serve requests (HTTP.sys has requests queued), the WWW service starts a new worker process to pick up the queued requests from HTTP.sys. Even though a worker process has failed, the WWW service continues to process requests and shields the user from experiencing a loss of service.

IIS 6.0 worker process isolation mode delivers the following specific improvements over earlier versions of IIS:

  • Robust performance Isolation prevents Web applications and Web sites from affecting each other or the WWW service. Reboots of the operating system and restarting of the WWW service are avoided.

  • Self-healing Automated management provides auto-restart of failed worker processes and periodic restart of deteriorating worker processes.

  • Scalability Web gardens allow more than one worker process to serve the same application pool.

  • Process affinity enables the connection of worker processes to specific processors on multi-CPU servers.

  • Automated debugging The debugging feature enables the automatic assignment of failing worker processes to debugging tools.

  • CPU limiting This monitoring feature enables controlling the amount of CPU resources that an application pool consumes in a configured amount of time.

IIS 5.0 Isolation Mode

If your server must run applications that are incompatible with worker process isolation mode, you can configure IIS to run in IIS 5.0 isolation mode, which supports the process model and features of IIS 5.0. If you run IIS in IIS 5.0 isolation mode, some features of worker process isolation mode are not available.