In-Depth
Souping Up Your IIS Server
Strengthen your infrastructure for serious IIS use with these monitoring and analysis tools.
Microsoft Internet Information Server is an excellent Web server that
integrates well with the rest of the Microsoft server infrastructure.
But sometimes the management tools that Microsoft provides with IIS leave
something to be desired. Suppose you want to stress-test your server to
see what load it can handle, or analyze your Web traffic so that you can
know which pages on your site are most popular? What if you need to monitor
the Web site for trouble or recover from unexpected failures? In this
roundup, we’ll look at a variety of add-on products that can help you
more effectively manage your IIS-served Web site.
Before You Deploy: Stress-Testing
You’ll probably need your first tool before you even put an IIS server
on the Internet. Do you know how much traffic your Web servers can handle?
Do you know how much is too much? The Web Capacity Analysis Tool (WCAT)
from Microsoft can help. WCAT is one of nearly 300 tools available in
the Microsoft Windows 2000 Server Resource Kit. WCAT is a client-server
system that runs simulated workloads on your Web server. WCAT is made
up of three components—the WCAT Server, which is the system being tested;
the WCAT Controller, which administers and tracks the test; and the WCAT
client, which tests the server. This design ensures that the tested system
is loaded only by Web requests, without the added burden of processing test
administration. The WCAT client application runs in a single,
multithreaded process that can spawn multiple threads, each representing
a virtual client that then throws page requests at the server. WCAT can
support up to 200 virtual clients on each client computer involved in
a WCAT test, and the WCAT Controller can coordinate multiple client computers.
Product Information

Microsoft Web Capacity Analysis Tool
Part of the Windows 2000 Server Resource Kit, $299
Microsoft Press ISBN 1-57231-805-8
www.microsoft.com/mspress/default.asp

eMon Monitor v. 2.9.12, $795
Engagent
Kirkland, Washington
(425) 820-9999
www.engagent.com

IISTracer 2.00, $99 single license/$790 site
PSTruh Software
Czechoslovakia
www.pstruh.cz

Site Recorder 1.0, $795
LockStep Systems
Scottsdale, Arizona
(480) 596-9432
www.lockstep.com

WebTrends Analysis Suite Advanced Edition v7.0, $2,499 for one server
NetIQ
Portland, Oregon
(503) 294-7025
www.Webtrends.com

Analog 5.1, Free
www.analog.cx

WCAT includes many predefined tests for basic operations, including HTML
and ASP requests, “keep alive,” and SSL operations. These predefined tests
allow you to get up and running quickly with your analysis. You can also
create your own custom tests.
WCAT is an inexpensive way to test different configurations to see which
one will be the optimal configuration for your applications. If you’re
expecting a substantial load on your IIS server, running these tests before
you deploy will help ensure that the hardware is up to the task.
—Stewart Cawthray
Daily Chores: Monitoring and Management
After your Web site goes live, you face a new set of challenges in monitoring
your server and recovering from any problems. We looked at three tools
in this category: eMon, IISTracer and SiteRecorder. Each has its own particular
focus and place in your toolbox.
eMon
eMon Monitor (Figure 1) is a server monitoring tool with excellent flexibility
that can be used with a variety of server types (not just IIS servers).
It can monitor servers with a variety of pings—ICMP, TCP/IP, UDP, IPX,
NetBIOS—and other yes/no tests: specific file presence, disk space available
within criteria, SQL, Oracle, database server availability, HTTP URL access,
and NT service state. Other tests include NT Event Log monitoring, where
you may specify a condition that will trigger an alert, and checking whether
a particular application is running. No agents are installed on monitored
devices, since eMon uses “pull” rather than push. The default reports
are formatted as Web pages accessed via a built-in Web server. This means
you can check the reports from anywhere, thus giving you close-to-real-time
remote reporting.
Figure 1. eMon can monitor multiple servers using
a variety of tools to ensure their continued operation.
Though not difficult to configure, eMon is a little tedious to set up,
especially in larger environments. You must select the “check type” server
and the monitoring parameter for every entry. You can group sets of servers
or services together in folders; the whole folder changes color if it
contains an active alert. You can also have eMon notify you of problems
by several means: customizable sound on the monitoring station, e-mail
alerts, or pop-up messages.
eMon goes beyond simple connectivity tests and is quite capable if you
spend the time setting up all the parameters that make monitoring useful.
—Douglas Mechaber
IISTracer
If you’d like to monitor your Web site in real time, take a look at PSTRUH
Software’s IISTracer, shown in Figure 2. IISTracer is an ISAPI (Internet
Services API) library that you load directly on your IIS server. It sits
unobtrusively in the background, monitoring traffic and displaying the
current activity on screen. You can configure a variety of options, including
a threshold for long-running requests so that the monitoring screen will
only show files that are taking a long time to deliver. You can also log
problem activity for future analysis.
Figure 2. IISTracer provides real-time Web site
monitoring, including a look at recently delivered pages and the HTTP
headers that retrieved them.
In addition to giving you a feel for the patterns of activity on your
server, IISTracer can be an effective way to spot an attack in progress.
Spotting the pattern of unusual URLs sent by Code Red, or a bunch of long-running
connections in a denial-of-service attack, may let you take immediate
corrective action. Screentips on the IISTracer display even show you the
HTTP headers sent to your server, so you can see which browsers your customers
are using or which sites are sending traffic your way.
—Mike Gunderloy
SiteRecorder
Change management can be a tricky thing when it comes to managing a Web
site. Many companies have a single Webmaster keeping tabs on who changes
what on the corporate Web. But if the organization is a nice big monster
of a company with many teams adding information to different Web pages
on a daily basis, the Webmaster could get seriously bogged down with just
managing changes. Keeping track of those changes is the job of SiteRecorder,
a tool that lets a Webmaster watch for unauthorized changes, whether from
co-workers or the effect of defacement. These changes can be rolled back
if they were unauthorized.
Running as a Windows NT service, SiteRecorder can monitor sites by FTP,
folder space or FrontPage Extensions, looking at time/date stamps and
binary comparisons of files to search for any change to the Web site.
SiteRecorder also backs up Web sites locally and remotely and keeps track
of revisions and notifies folks of changes. But there isn’t any way in
SiteRecorder to keep changes from happening. You can set constraints to
alert you each time, but there’s no way for SiteRecorder to directly act
as an intercessor for changes. So, it’s not true change management, but
it’s close.
—Rick Butler
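The difference between the two checks described above, time/date stamps versus binary comparison, shown as an added example that is not SiteRecorder's code or part of the original article. The directory names, file contents and function names are assumptions constructed for illustration; the binary check is done here by hashing each file.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

def _stamp(p):    # time/date stamp check: size and modification time only
    st = p.stat()
    return (st.st_size, st.st_mtime_ns)

def _digest(p):   # binary check: hash of the file's bytes
    return hashlib.sha256(p.read_bytes()).hexdigest()

def detect_changes(live, base, binary=True):
    """Return {relative path: 'added' | 'deleted' | 'modified'}."""
    fingerprint = _digest if binary else _stamp
    rels = {f.relative_to(r).as_posix() for r in (live, base)
            for f in r.rglob("*") if f.is_file()}
    report = {}
    for rel in sorted(rels):
        if not (base / rel).exists():
            report[rel] = "added"
        elif not (live / rel).exists():
            report[rel] = "deleted"
        elif fingerprint(live / rel) != fingerprint(base / rel):
            report[rel] = "modified"
    return report

def roll_back(live, base, report):
    """Restore the live tree to the baseline for every reported path."""
    for rel, status in report.items():
        if status == "added":
            (live / rel).unlink()
        else:
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(base / rel, live / rel)

def demo():
    """Constructed site: a same-size edit with its timestamp restored, plus a new file."""
    with tempfile.TemporaryDirectory() as tmp:
        base, live = Path(tmp, "baseline"), Path(tmp, "wwwroot")
        base.mkdir()
        (base / "index.htm").write_text("<h1>Welcome</h1>")
        shutil.copytree(base, live)
        page, st = live / "index.htm", (live / "index.htm").stat()
        page.write_text("<h1>Changed</h1>")               # same length as before
        os.utime(page, ns=(st.st_atime_ns, st.st_mtime_ns))  # timestamp put back
        (live / "extra.htm").write_text("unexpected")
        by_stamp = detect_changes(live, base, binary=False)
        by_bytes = detect_changes(live, base)
        roll_back(live, base, by_bytes)
        return by_stamp, by_bytes, detect_changes(live, base)
```

In the constructed case the stamp-only pass reports just the new file, while the binary pass also catches the edited page whose size and timestamp were left unchanged.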
Looking Back: Traffic Analysis
Most organizations will also want to keep an eye on the trends in their
Web servers’ usage. IIS excels at collecting the raw data for trend analysis:
If you turn on IIS logging, it will save everything from pages requested
to the referring URLs to the IP addresses of the browsers used to access
your site. The problem is that the raw log files have too much data for
human beings to understand. An active Web site can quickly pile up hundreds
of megabytes or even gigabytes of logging information. How do you extract
useful information from all that data?
The answer is to use a log file analysis program. For this roundup, we
looked at two of the many tools available in this product niche: WebTrends
Analysis Suite and Analog.
WebTrends
NetIQ’s WebTrends is one of the more complex products in the log file
analysis market. For starters, WebTrends can go through your IIS logs
and summarize them in many different ways. You can find out which pages
were the most popular, where your traffic came from (both by referrer
and by location, thanks to a built-in geographic database), which paths
people take through your site, which are the most popular entry and exit
pages and so on. A variety of predefined (but customizable) reports in
HTML, Word, Excel and Text formats let you tailor the program’s output
for detailed analysis or executive overview.
Figure 3. WebTrends’ reporting starts with an
overview of your site’s activity, but it doesn’t stop there.
But WebTrends’ capabilities don’t stop there. It can analyze sites big
enough to need server farms and track sessions that cross multiple servers.
It can analyze proxy server or streaming media server log files or walk
through an entire Web site looking for broken links. It can also monitor
servers and alert you when they’re down or compare the content of a caching
server with the original server to make sure they’re synchronized. Another
intriguing feature is the ability to extract part of a URL and use it
to look up information in a database. E-commerce sites, for example, will
find this useful for matching shopping cart activity to customer demographics.
All in all, WebTrends Analysis Suite will deliver just about every piece
of information that can possibly be extracted from your server logs.
—Mike Gunderloy
Analog
At the other end of the analysis spectrum, organizations whose IIS servers
aren’t mission-critical might like to try Analog. This freeware product
is a bit harder to use than WebTrends (you need to write a configuration
file by hand, rather than filling in property pages) and less flexible.
It also lacks the enterprise-level features of WebTrends. Where Analog
excels is in rapid extraction of essential information from log files.
Analog reports can summarize activity on your server, let you see when
peak traffic occurred, and inform you of popular pages and failing requests.
They’ll track referrers, search requests and browser distribution, as
well. Analog’s output is simple HTML, though there are some add-ons available
to produce graphs. If you’re just starting to think about log file analysis,
it’s worth downloading Analog to see whether you can extract the information
that you need for free.
—Mike Gunderloy
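A small log analysis pass over IIS W3C extended logs, as an added example that is not from the article or any of the reviewed products. It produces the kind of summary the Analog section describes (popular pages, failing requests) and flags the two signals the IISTracer section mentions, long-running requests and unusual URLs, the latter approximated here as oversized query strings like the padded /default.ida requests Code Red sent. The sample log, thresholds and function names are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not from a real server).
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status time-taken",
    "2001-08-01 10:00:01 192.0.2.10 GET /default.asp - 200 120",
    "2001-08-01 10:00:02 192.0.2.11 GET /products.asp id=7 200 340",
    "2001-08-01 10:00:03 192.0.2.10 GET /default.asp - 200 95",
    "2001-08-01 10:00:04 198.51.100.5 GET /default.ida " + "N" * 224 + " 200 15",
    "2001-08-01 10:00:05 192.0.2.12 GET /old.htm - 404 10",
    "2001-08-01 10:00:06 203.0.113.9 GET /report.asp year=2001 200 45000",
])

def parse_w3c(text):
    """Yield one dict per request, using the column order from #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):      # skip truncated lines
                yield dict(zip(fields, values))

def analyze(text, slow_ms=30000, max_query=200):
    """Summarise traffic and flag long-running or oversized requests."""
    pages, failures, slow, oversized = Counter(), Counter(), [], []
    for r in parse_w3c(text):
        stem = r["cs-uri-stem"]
        pages[stem] += 1
        if int(r["sc-status"]) >= 400:
            failures[(stem, r["sc-status"])] += 1
        if int(r["time-taken"]) >= slow_ms:     # IIS records milliseconds
            slow.append((r["c-ip"], stem))
        if len(r["cs-uri-query"]) > max_query:
            oversized.append((r["c-ip"], stem))
    return {"top_pages": pages.most_common(3), "failures": dict(failures),
            "slow": slow, "oversized_query": oversized}
```

Because the parser reads the column order from the #Fields line, it keeps working when the set of logged fields is changed in the IIS logging properties, provided the fields used by analyze are still enabled.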
Different Strokes for Different IIS Folks
So which of these tools do you really need? Many IIS Web sites get by
without any tools at all. Of course, many IIS Web sites are poorly maintained
and have never had to produce a business case, either. Our own preference
is to use the tools that make our lives easier. Each of the products in
this roundup has a place on that list. WCAT provides some peace of mind
before a rollout, and eMon and SiteRecorder do the same when the site
is up and running. IISTracer can provide early warning of serious problems
brewing, and WebTrends and Analog give you all the information you can
possibly need for effective management. Next time you’re building a Web
server, think about these tools and their place in your work.