IIS Insider - January 2005

By Brett Hill

Accessing Different Content On Your Site - Public and SSL

Q: We would like to configure IIS so that we have a public, non-SSL site as well as content that is encrypted with SSL when accessed. The tricky part is that we want the users to access different content when they go to http://oursite versus https://oursite. If you have any suggestions on how we might achieve this, it would be appreciated.

A: When you assign a certificate to a web site you enable the entire site for SSL. Your requirement is a bit different, however, in that you want users to be directed to a completely different content when they use https instead of http. Here are a two ways to achieve this:

You can use a simple script on your default page to verify the request as http or https and redirect as required. To do this you can use the following ASP script provided by IIS guru Bob Filipiak.

<% Dim strTmp strTmp = Request.ServerVariables("HTTPS") If strTmp = "on" Then request.redirect("https://www.contoso.com/private/") Else request.redirect("http://www.contoso.com/public/") End If %>

Alternatively, you can modify your web site configuration. By default, your web site will respond to the IP address + port 80 for http and IP address + port 443 for the https/SSL enabled site. However, you can achieve your goal by creating one web site that responds to http using IP address+port 80 that is not https enabled, and a second web site that ONLY responds to the same IP address on port 443.

For example, Site 1 is your public non-encrypted site and is configured to respond to the IP address on port 80. The home directory is d:/publicsite. This works normally and delivers all your content as usual when the request is made via HTTP. The site is NOT enabled for SSL.

Site 2 is configured to so that responds to the IP address for HTTP requests and to for SSL on port 443. The home directory is mapped to d:/privatesite. In this way, when the user makes an HTTPS:// request for the or name that resolves to, they will be directed to Site 2. HTTP requests are directed to Site 1 as illustrated below.

If your browser does not support inline frames, click here to view on a separate page.

There are other ways to approach this problem, but one of these techniques should solve your problem.

Resources on Configuration and Administration of IIS 6 for High Availability

Q: Is there any documentation on how to configure an IIS 6 Server for high availability? There is plenty of information on individual tasks such as security configuration and general administration, but there doesn't seem to be a centralized resource of configuration and administration of IIS 6 in a high availability environment.

A: IIS 6 performance is a complex topic that involves a lot of variables that are unique to each environment. For this reason, it is difficult to effectively generalize about performance tuning. However, Casey Jacobs, Group Manager for Microsoft.com, gave an excellent presentation on IIS performance at TechEd 2003, USA. You can find an updated version of this presentation at http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en-US&EventID=1032263796&EventCategory=3. This presentation by Casey Jacobs and IIS uber guru Jeff Stuckey is full of well reasoned, practical advice distilled from their work in making Microsoft.com the number one rated "enterprise" for availability according to Keynote Systems.

You'll find practical advice ranging from how to effectively name your application pools, use Metabase Explorer for migrating from IIS 5 to IIS 6, and syntax for practical administrative scripts and reports to run on your web farm.

Be sure to check out the detailed Appendix slides. They include registry, Metabase, and other settings used to tune IIS 6 servers at Microsoft.com. You can use these suggestions as a reference for adjustments to consider when deploying IIS 6 in a high availability environment. Since the variables are specific to the environment what works for Microsoft.com may not work for you. However, the suggestions presented in this presentation are field tested in one of the worlds busiest data centers, make a good starting point.

Tools for Analyzing IIS Server Performance

Q: Are there any automated tools Microsoft creates for analyzing IIS server performance?

A: Stress testing is one of the most valuable methods for studying server performance. This requires software that will playback a preconfigured set of requests to the server and optionally monitor server performance during the test. This allows you to identify bottlenecks, make adjustments, and re-test to study the effects of your changes. Your stress test software should generate tests based on actual traffic from your IIS logs. This allows you to get very precise information about performance based on how your application is actually used, rather than a theoretical model.

Microsoft makes several useful tools for studying performance.

  1. The Web Capacity Analysis Tool (WCAT) runs from a command line and can playback IIS log files. It is provided as part of the IIS 6 Resource Guide. To playback log files, they must be converted to file structure that is unique to the WCAT utility. Using the Log Parser Tool, you can convert IIS log files to the WCAT format. See the appendix of this webcast for the exact syntax used with the log parser tool. You will also need to reference the documentation in the Resource Kit on WCAT.
  2. The Web Application Stress Tool (WAST) allows you to create playback scripts by browsing a web site, setup remote monitoring of server performance counters, and synchronize kickoff of multiple clients sessions with each client running multiple instances of the script. The results reports provide performance information on each object downloaded during the test as well as distribution of status codes and other details. There is an online tutorial
  3. Application Center Test (ACT)
    ACT (shown in figure 1) is an updated version of Web Application Stress and is shipped with the .net Framework Enterprise Edition. ACT provides the same basic capabilities as WAST, but is an updated code base user interface. While based on the .net Framework, it is capable of testing a remote site that is delivering content from any web based application.

    If your browser does not support inline frames, click here to view on a separate page.

    Figure 1   Application Center Test user interface

  4. Server Performance Advisor for Window Server 2003. This gem uses the event tracing features built into Windows Server 2003 family to monitor and report on hundreds of performance and configuration criteria. When coupled with Windows Server 2003 Service Pack 1 (SP1), this utility is a powerhouse for studying IIS performance as SP1 includes many updates related to event tracing and IIS. Figure 2 shows the top level of a report I quickly generated while doing a few clicks on IISAnswers.com.

    If your browser does not support inline frames, click here to view on a separate page.

    Figure 2   Server Performance Advisor for Windows Server 2003

    Each of the links in the screenshot expand to show details that have been difficult capture in the past. For example, if you wanted to see how the Web Service Cache was working (or not), the following details are available.

    If your browser does not support inline frames, click here to view on a separate page.

    Figure 3   Web Service Cache (Performance Counters)

    These are essential performance counters that were monitored during the sample period, and can be adjusted to suit your requirements. For example, you might want to add Kernel: URI Cache Hits % to get a better read on how well the Kernel mode cache is working.

We hope these free resources will help you study and tune your IIS server performance.

Submit your questions to the IIS Insider. Selected questions along with the answers will be posted in a future IIS Insider column.

For a list of previous months' questions and answers on IIS Insider columns, click here.

We at Microsoft Corporation hope that the information in this work is valuable to you. Your use of the information contained in this work, however, is at your sole risk. All information in this work is provided "as is," without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Microsoft Corporation. Microsoft Corporation shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.