Tuesday, February 28, 2006

so i attended MS Tech roadshow

I attended MS Technology RoadShow (ASP.NET 2.0) this Friday. It was good...and here is the summary of complete schedule...

1. Why Care???

This was title for first session. The whole idea of this session was to explore new features of ASP.NET 2.0 especially how new features helps you in RAD (Rapid Application Development). With VS 2003, it was just like MS was doing all the stuff for developers with such a huge class library and controls. (I m not sure, but probably MS claimed to cut development time up to 60% with VS 2003) Now, with the introduction of VS 2005 (with 50+ new controls and lots of other features) they have further reduced the burden of developer and enhanced RAD to the next level.. RAD is the main thing i see, that gives .NET an edge on all other technologies (including JAVA). Speaker (Janakiram) discussed about various features including aspnet_compiler, membership, master pages, inbuilt web server provided with VS. He started with a web application and beautifully developed it without writing much of code himself demonstrating the power of ASP.NET 2.0 wizards/controls.

2. Reliability n Security...

This session talked about reliability and security of Web Apps. It was all about architecture of IIS 6.0 and how it is different in respect to 5.0 to provide various good things. In IIS 6.0, one can configure processes (worker process.. w3wp.exe equivalent of aspnet_wp in IIS 6) running per application like we can have these kind of configurations…
• One process per application
• One process per n applications
• Or n processes per application

To implement all this, MS has come with concept of application pools, which basically provides a name for some particular settings. One can create as many application pools as one want. Application pool has a different configuration option like how many processes this application pool can create along with lots of other option (about which I will talk in a minute). Now every app in IIS will be using any one of the configured application pools. In fact, application pool can also be shared among different websites. That makes it possible to map n processes per n applications depending upon requirements of any web app. Other than this, application pool has got health monitoring, recycling features which one can configure to take advantage of these new features.
As part of security enhancement, http handling has been implemented in kernel mode (http.sys) whereas app code runs in user mode. http.sys is responsible for managing connection pool which is outside user mode.

The other very practical thing MS has come up with is…most of the features are disabled by default. IIS 6.0 comes with most secure settings set by default. If anyone wants to use some features… he will need to enable them explicitly. This has been done to give less space for attack. Because if some feature is not being used, better switch it off so as to ensure attack can’t be there using this feature. The idea is to reduce surface for attack. Its really practical…

Further details are available @: http://www.microsoft.com/windowsserver2003/techinfo/overview/iisenhance.mspx

No comments: