Thursday, May 22, 2008

Application Pool

Suppose you are hosting multiple Web sites on a single IIS server and while running one application you see some error messages which is not relevant to the application that is running. What could be the problem? Well, if an IIS server is hosting multiple Web sites, then a problem on one site can cause problems on other sites. Then the obvious question is what would be the solution? The answer is Application Pool.

What is Application Pool?

It is one of the new features introduced in IIS 6.0. An Application Pool can contain one or more applications and allows us to configure a level of isolation between different Web applications. You can create separate Application pools and place your applications accordingly. Each application pool is given its own set of server resources. As each Application Pool runs in its own worker process an error in one Application Pool will not affect applications in a different pool even if one application crashes. A classic example of this is a Web site with a memory leak. If all of the Web sites hosted on a particular server were to share system resources, and one of the Web sites had a memory leak, it could potentially take memory away from the other hosted sites. If the leaky site were in its own application pool though, the memory leak would not affect any other site because each application pool has its own server resources (including memory).



Creating a new Application Pool

Creating a new application pool is a very simple process that is carried out by using the IIS manager. When you create a new application pool, you have the following two options:
1. You can either create a new application pool from scratch or
2. You can create a new application by importing the configuration settings from an external XML file.
To create a new application pool from scratch, right-click on the Application Pools node from the tree view and select New->Application Pool from the context menu. You will be presented with the following screen, where you need to enter a name for the application pool.


When creating a new application, you also have the option of inheriting the settings from an existing application pool. For example, if you want your new application pool to inherit the settings from the DefaultAppPool, you can do that by selecting the option Use existing application pool as a template in the above screen. After you pick this option, the Application Pool name dropdown box will be enabled from where you can select an existing application pool.

After the pool is created, you can save the settings of the application pool to an external XML file any time by right-clicking the application pool and selecting the option All Tasks->Save Configuration to a File that is available from the context menu. This is an extremely useful feature that makes it possible for you to easily recreate the same application pool on the same server or on a different server with minimal effort.


Configuring IIS Application Pool


In previous versions of IIS, worker processes ran as Local System, a powerful account that has system administrator privileges on the server. Because Local System has access to almost all resources on the operating system, this caused security implications. In IIS 6.0, you can set the identity of the worker process at the application pool level. The identity of an application pool is the account under which the application pool's worker process runs. By default, application pools operate under the Network Service account, which has low-level user access rights. The Network Service account has the following seven privileges:
1. Adjust memory quotas for a process
2. Generate security audits
3. Log on as a service
4. Replace process level token
5. Impersonate a client after authentication
6. Allow logon locally
7. Access this computer from the network




Normally, you don’t have to do anything else to the application pool. However, there are quite a few ways that you can fine tune the application pool’s behavior if you’d like. To do so, right click on the application pool and select the Properties command from the resulting shortcut menu. When you do, you will see the application pool’s properties sheet, as shown in Figure A.

1. Recycling Tab
Figure A: Recycling Tab:You can fine tune the behavior of an application pool



As you can see in the figure, the default tab is the Recycling tab. Recycling simply refers to restarting the worker process. Just as a computer sometimes performs better after it has been rebooted, worker processes also need to be “rebooted” once in a while to keep them running well.

By default, IIS recycles the worker process every 1740 minutes (29 hours). However, there is also an option to recycle the worker process after a specific number of requests (this is good for busy Web sites) or at certain times of the day.


The bottom of this tab contains a couple of options for recycling the worker process based on memory usage. You can recycle the worker process once it uses a certain amount of virtual memory or once it is using a certain amount of physical memory. This feature is excellent for preventing memory leaks from causing performance problems.

2. Performance Tab
The Performance tab, shown in Figure B, is designed to keep the application pool running efficiently. The first option on the page shuts down the worker process after the site has been idle for 20 minutes. This helps to give the server processing power and memory resources that it can use for other things until the worker process is needed again.
Figure B: The Performance tab is designed to keep the application pool running efficiently
The next option allows you to limit the inbound request queue length. By doing so, you can make sure that the site doesn’t get slammed with more requests than it can handle.


The next portion of the Performance tab has to do with CPU monitoring. CPU monitoring allows you to prevent a demanding Web application from hogging the server’s CPU resources. You can set the maximum percentage of CPU time that the worker process is allowed to use. If this value is exceeded, you can recycle the worker process.


The last option on this tab is the maximum number of worker processes. As I said earlier, each application pool has at least one worker process. If an application pool contains more than one Web site, it can sometimes realize greater performance if you allow multiple worker processes.

3. Health Tab

The Health tab, shown in Figure C, provides you with the ability to make sure that the worker processes that the application pool is using are healthy. The first option on this tab is the enable pinging check box. If you select this option, then IIS will ping the pool’s worker processes every 30 seconds to make sure that they are responsive.
Figure C: The Health tab allows IIS to monitor worker processes to make sure that they are healthy and responsive


The next check box on the Health tab is the Enable Rapid Fail Protection check box. The idea here is that IIS can completely disable an application pool if there are a certain number of failures within a specific length of time. For example, by default if the worker process fails five times in five minutes, then the application pool will be disabled. The reason for doing this is that if a worker process is failing that often then there must be a serious glitch either with the system or with one of the Web sites within the application pool. IIS takes the application pool down in the interest of preserving the server’s overall stability.

The last two options on this tab aren’t really a big deal. They simply dictate the length of time that is acceptable for a worker process to startup and shut down. In the real world, I have never seen a worker process time out on startup or shutdown, so chances are that you may never have to touch these values.

4. Identity Tab

The identity tab, shown in Figure D, allows you to choose which service account’s credentials the application pool will use. Normally, you will just want to go with the default settings here and use the Network Service. By running the worker process using a very low-privileged account such as Network Service, you can reduce the security vulnerability. However, by using IIS manager, you can configure the application pool to run as any of the following pre-defined accounts:
1. Network Service
2. Local System
3. Local Service

Figure D: The identity tab allows you to choose which service account’s credentials the application pool will use.








References:
http://www.developer.com/
http://www.microsoft.com/

No comments: