Operating .NET Framework-based Applications

Book Description

Designed for administrators and developers, this book provides practical and prescriptive guidance for monitoring and operating enterprise-level applications based on the Microsoft® .NET Framework.

Table of Contents

  1. Operating .NET Framework-based Applications: On Microsoft Windows 2000 Server with .NET Framework 1.0
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. Contributors
      1. Development
      2. Test
      3. Edit
      4. Review
    3. 1. Introduction
      1. Welcome
      2. Who Should Read This Book
      3. Prerequisites
      4. Document Conventions
      5. How to Use this Book
        1. Monitoring .NET-Based Applications
          1. Chapter 2–Monitoring Concepts
          2. Chapter 3–Selecting Data Sources
          3. Chapter 4–Instrumenting .NET-Based Applications
          4. Chapter 5–Configuring Management Applications
          5. Chapter 6–Notifying and Reporting
        2. Securing .NET-Based Applications
          1. Chapter 7–General Security Recommendations
          2. Chapter 8–Managing Security with Windows 2000 Group Policy
          3. Chapter 9–Securing Servers Based on Role
          4. Chapter 10–Securing Servers Running .NET-Based Applications
          5. Chapter 11–Network Considerations for Servers Running .NET-Based Applications
          6. Chapter 12–Customizing the Security Environment for Specific Applications
        3. Sizing and Capacity Planning for .NET-Based Applications
          1. Chapter 13–Sizing and Capacity Planning for .NET-Based Applications
          2. Chapter 14–Sizing a .NET-Based Application
          3. Chapter 15–Capacity Planning
          4. Chapter 16–Performance Analysis
      6. Microsoft Operations Framework (MOF)
      7. What are .NET-Based Applications?
        1. What is Different About .NET-Based Applications?
          1. Implement Web Services
          2. Consume Web Services
      8. What is the .NET Framework?
        1. Common Language Runtime
      9. Defining the Business Scenario
        1. Fitch and Mather
          1. Business Aims
          2. Company Size and Composition
          3. Trading Levels
          4. The Data Center Environment
          5. Security
          6. Technologies
      10. Sample .NET-Based Application
        1. Key Technical Issues
        2. Technologies Used
        3. Architectural Diagram
          1. Presentation Tier
          2. Business Tier
          3. Data Tier
        4. Environments
          1. Management Environment
          2. Directory Services Environment
        5. Network Diagram
        6. End-User Activity
      11. Defining Usage and Test Scenarios
        1. Defining User Profiles
          1. The Browser
          2. The Buyer
          3. The Seller
        2. Usage and Test Scenarios
        3. Loading Fluctuations
      12. Summary
        1. More Information
      13. Test Scenarios
        1. Viewing Account Information
        2. Purchasing Stock
        3. Selling Stock
    4. I. Monitoring .NET-Based Applications
      1. 2. Application Monitoring Concepts
        1. Introduction
        2. Defining Application Health
          1. Characteristics of Healthy Applications
          2. Characteristics of Unhealthy Applications
          3. Monitoring Application Health
        3. Why Monitor Application Health?
        4. Defining Monitoring Terminology
          1. Tiers
          2. Logical Divisions
            1. Internet Information Services
            2. ASP.NET
            3. Managed Code Components
            4. Serviced Components
            5. .NET Remoting
            6. Data Logical Division
          3. Coarse-Grained and Fine-Grained Monitoring
        5. Application Monitoring Methodology
          1. Establishing the Monitoring Focus
          2. Determining the Physical and Application Architectures
          3. Identifying System Information
          4. Building a Baseline
          5. Augmenting the Picture
            1. Using Artificial Simulation and Stimulus
            2. Instrumenting Applications
          6. Multiple End-to-End Monitoring Techniques
        6. Monitoring Issues
          1. Monitoring Load
          2. Monitoring the Common Language Runtime
        7. Events and Metrics
          1. Defining an Event
          2. Event Timing
        8. Application Errors
          1. Memory Leaks
          2. Common Language Runtime Errors
          3. Application Hanging
          4. Communication Errors
        9. Summary
      2. 3. Selecting Data Sources
        1. Introduction
        2. Monitoring with System-Provided Data
          1. Reviewing Current Monitoring Provision
          2. Working in Stages
          3. Monitoring Tiers and Logical Divisions
          4. Defining Monitoring Levels
            1. Coarse-Grained Health Monitoring
            2. Fine-Grained Health Monitoring
          5. Distinguishing Between Applications
        3. Monitoring Logical Divisions
          1. Monitoring IIS
          2. Monitoring ASP.NET
          3. Monitoring .NET Common Language Runtime
          4. Monitoring .NET Remoting
          5. Monitoring Managed Code Components
          6. Monitoring Serviced Components
            1. AppMetrics Diagnostics Monitor
        4. Monitoring the Data Tier
        5. Monitoring Using Synthetic Transactions
        6. Summary
          1. More Information
      3. 4. Instrumenting .NET-Based Applications
        1. Introduction
        2. Designing Applications for Health Monitoring
          1. Managing by Exception
          2. Using Consistent Error Handling
        3. Enterprise Instrumentation Framework
          1. Reviewing Windows Instrumentation Methods
          2. Meeting EIF Requirements
          3. Understanding Microsoft EIF Architecture
            1. Event Schema
            2. Event Sources
              1. SoftwareElement Event Source
              2. Request Event Source
            3. Event Sinks
              1. TraceEventSink
              2. LogEventSink
              3. WMIEventSink
            4. Request Tracing
          4. Understanding EIF Configuration Files
            1. Application Configuration File
            2. Windows Event Trace Session Configuration Files
          5. Using EIF in a Distributed Environment
        4. EIF Methodology
          1. Define Event Sources
            1. Simple Instrumentation
            2. Instrumentation by Architecture
            3. Instrumentation by Category
            4. Instrumentation by Business Process
          2. Implement Request Tracing
          3. Add Event Instrumentation
        5. Configuring EIF
          1. Understanding EIF Application Configuration Settings
            1. eventSource
            2. eventSink
            3. eventCategory
            4. filter
            5. filterBindings
          2. Configuring Application Instrumentation
            1. Generating the Default EIF Configuration File
            2. EIF Configuration File Locations
            3. Modifying Default EIF Configuration File
          3. Configuring EIF in Distributed Environments
            1. Managing EIF Configuration Files in Distributed Environments
            2. EIF Configuration File Locations in Distributed Environments
            3. Request Tracing Configuration in Distributed Environments
            4. EIF Configuration Recommendations in Distributed Environments
          4. Configuring Windows Event Trace
            1. Defining Windows Event Trace Sessions
            2. Windows Event Trace Configuration in Distributed Environments
            3. Managing Windows Event Trace Sessions in Distributed Environments
        6. Summary
          1. More Information
      4. 5. Configuring Management Applications
        1. Introduction
        2. Implementing a Management Architecture
          1. Selecting Management Applications
            1. Application Center 2000
              1. Supporting Clusters
              2. Using Application Center with .NET Remoting
              3. Viewing Performance Counters
              4. Using Health Monitor
              5. Actions Node
              6. HTTP Provider
              7. COM+ Provider
            2. AppMetrics for Transactions
            3. Synthetic Transactions
              1. Web Monitor
              2. Web Monitor Architecture
            4. Microsoft Operations Manager
            5. Operations Manager Components
              1. Management Packs
              2. IIS Management Pack Module
              3. .NET Framework Management Pack Module
              4. Application Center 2000 Management Pack Module
              5. SQL Server Management Pack Module
          2. Understanding the Architectural Design
          3. Reviewing Core Management Services
            1. Performance Counters
            2. Event Logging
            3. Windows Management Instrumentation
              1. Namespaces
              2. Using WBEMTEST Tool
            4. Windows Event Tracing
        3. Customizing the Management Applications
          1. Customizing Application Center
            1. Copy the Sample Monitors
            2. Configure the Monitors
            3. Assign an E-mail Action
            4. Customize the Localhost Monitor
            5. Using the Application Center 2000 Resource Kit
          2. Customizing AppMetrics
            1. Using Production Monitors
            2. Using Diagnostics Monitors
          3. Customizing Web Monitor
          4. Customizing Microsoft Operations Manager
            1. Creating Computer Groups
            2. Customizing Public Views
            3. Monitoring IIS
            4. Monitoring the .NET Framework
            5. Monitoring Serviced Components
            6. Monitoring the Data Tier
            7. Monitoring EIF Events
              1. Monitoring Windows Event Log Events
              2. Monitoring WMI Events
              3. Monitoring Windows Event Tracing Events
            8. Monitoring Synthetic Transaction Events
        4. Summary
          1. More Information
      5. 6. Notifying and Reporting
        1. Introduction
        2. Notifications and Actions
          1. Defining Appropriate Actions
            1. Effective
            2. Timely
            3. Economically Justified
            4. Repeatable
          2. Defining Failure Levels
            1. Alert Severity and Relative Importance
              1. Informational
              2. Priority
              3. Urgent
              4. Immediate
            2. Service Failure Categories
            3. Defining Readiness States
              1. Normal
              2. Elevated
              3. High
              4. Highest
              5. Changing Alert States
            4. Preventing Alert Overload
            5. Restoring Services
        3. Implementing Notifications
          1. Creating a Notification Hierarchy
          2. Using Notification Methods
          3. Combining Notification Methods
          4. Understanding Notification Reliability
          5. Testing Notifications
          6. Notification Example
        4. Defining and Generating Reports
          1. General Principles
            1. Accuracy
            2. Timeliness
            3. Relevance
            4. Suitable Format
            5. Automatic Report Generation
          2. Creating the Reporting Environment
            1. Reporting for Decision Makers
            2. Reporting for Service Level Agreements
            3. Reporting for Technical Analysis
          3. Reporting on Specific .NET Framework Issues
            1. Interpreting Application Memory Consumption
            2. Reporting on Instrumented Applications
          4. Reporting on .NET-Connected Applications
          5. Reporting on Synthetic Transactions
          6. Reporting Resources
          7. Reporting with Microsoft Operations Manager
            1. Viewing and Editing Reports
            2. Automating Reports
          8. Reporting with Application Center 2000
          9. Reporting with AppMetrics
        5. Summary
      6. 7. Instrumentation Samples
        1. Request Trace Sample
        2. Audit Operation Event Sample
    5. II. Securing .NET-Based Applications
      1. 8. General Security Recommendations
        1. Introduction
        2. Get Secure and Stay Secure
          1. Get Secure
          2. Stay Secure
        3. Scope of this Guide
        4. Patch Management Strategies
          1. Determining Which Patches to Apply
          2. Deploying Service Packs and Hot Fixes
            1. Deploying Service Packs
              1. Deploying the Service Pack with SMS
              2. Deploying the Service Pack with Group Policy
            2. Deploying Hot Fixes
              1. Manual Installation of Hot Fixes
              2. Microsoft Software Update Services
              3. Deploying Hot Fixes with SMS
              4. Comparing SUS and SMS for Hot Fix Deployment
        5. Summary
          1. More Information
      2. 9. Managing Security with Windows 2000 Group Policy
        1. Introduction
        2. Importance of Using Group Policy
          1. How Group Policy is Applied
            1. Ensuring Group Policy is Applied
          2. Group Policy Structure
            1. Security Template Format
        3. Test Environment
        4. Checking your Domain Environment
          1. Verifying DNS Configuration
          2. Domain Controller Replication
            1. Forcing and Verifying Replication using Repadmin
          3. Centralize Security Templates
          4. Time Configuration
        5. Policy Design and Implementation
          1. Server Roles
          2. Active Directory Structure to Support the Server Roles
            1. Domain Level Policy
            2. Member Servers OU
            3. Domain Controllers OU
            4. Individual Server Role OUs
          3. Importing the Security Templates
        6. Keeping Group Policy Settings Secure
          1. Events in the Event Log
          2. Verifying Policy Using Local Security Policy MMC
          3. Verifying Policy Using Command Line Tools
            1. Secedit
            2. Gpresult
          4. Auditing Group Policy
        7. Troubleshooting Group Policy
          1. Resource Kit Tools
            1. GPResult
            2. GpoTool
          2. Group Policy Event Log Errors
        8. Summary
          1. More Information
      3. 10. Securing Servers Based on Role
        1. Introduction
        2. Domain Policy
          1. Password Policy
            1. Complexity Requirements
          2. Account Lockout Policy
        3. Member Server Baseline Policy
          1. Baseline Group Policy for Member Servers
            1. Member Server Baseline Auditing Policy
            2. Member Server Baseline Security Options Policy
              1. Additional Restrictions for Anonymous Connections
              2. LAN Manager Authentication Level
              3. Clear Virtual Memory Page File when System Shuts Down
              4. Digitally Sign Client/Server Communication
            3. Additional Security Options
              1. Security Considerations for Network Attacks
              2. Disable Auto Generation of 8.3 Filenames
              3. Disable Lmhash Creation
              4. Configuring NTLMSSP Security
              5. Disabling Autorun
            4. Member Server Baseline Registry Access Control Lists Policy
            5. Member Server Baseline File Access Control Lists Policy
            6. Member Server Baseline Services Policy
            7. Key Services Not Included in the Member Server Baseline
              1. SNMP Service
              2. WMI Services
              3. Messenger Service and Alert Service
        4. Domain Controller Baseline Policy
          1. Domain Controller Baseline Audit and Security Options Policy
          2. Domain Controller Baseline Services Policy
            1. Key Services Not Included in the Domain Controller Baseline Policy
              1. Simple Mail Transport Protocol (SMTP)
              2. Intersite Messaging
              3. IIS Admin Service
              4. Distributed Link Tracking Server Service
          3. Other Baseline Security Tasks
            1. Securing Built-in Accounts
            2. Securing Local Administrator Account
            3. Securing Service Accounts
            4. Validating the Baseline Configuration
              1. Validate Port Configuration
        5. Windows 2000 Application Server Role
        6. Changes to the Recommended Environment
          1. Administration Changes
          2. Security Modifications if MBSA is Not Implemented
        7. Summary
          1. More Information
      4. 11. Securing Servers Running .NET-Based Applications
        1. Introduction
        2. Test Environment
        3. Securing Server Roles for .NET-Based Applications
          1. Presentation Tier Server Role
            1. Applying Security Template to Presentation Tier Servers
            2. Presentation Tier Services Policy
            3. Presentation Tier Auditing Policy
            4. Presentation Tier Account Lockout Policy
            5. Presentation Tier File Access Control Lists Policy
            6. Presentation Tier Additional Security Options
            7. Removing NetBIOS
          2. Business Tier Server Role
            1. Importing the Security Template
            2. Business Tier Server Incremental Policy
            3. Business Tier Server Services Settings
            4. Additional Security Options
            5. File Access Control Lists Policy
          3. Development Server Roles
          4. Other Server Roles
        4. Additional Security Measures
          1. IIS Lockdown
            1. IIS Lockdown Ini File
            2. URLScan Template
            3. Using the IIS Lock Down Wizard
          2. ASP.NET Considerations
            1. Configuration Files
            2. Configuration Inheritance
            3. ASP.NET Applications on Domain Controllers
            4. Configuration File Settings
            5. Protecting Sensitive Information in Configuration files
            6. Machine.Config Settings
              1. Defining Specific Application Settings
              2. System.Web Section <authentication>
            7. Web.Config Settings
          3. Removing Sample Applications
          4. File and Folder Permissions
        5. Summary
          1. More Information
      5. 12. Network Considerations for Servers Running .NET-Based Applications
        1. Defining the Network
          1. Identifying Physical Components
            1. Using Server Roles
          2. Identifying Logical Components
          3. Identify Traffic Flow
        2. Secure Traffic Flow
          1. Protocols to Secure Transmitted Data
            1. Server Message Block Signing
            2. Secure Socket Layers
              1. Obtaining Web Server Certificates
              2. Installing an SSL Certificate for a Web Site
              3. Enabling SSL Encryption
            3. Internet Protocol Security
            4. Internet Protocol Security Using Authentication Headers
            5. IPSec Using Encapsulating Security Payloads
            6. Implementing IPSec
            7. Choosing Between IPSec and SSL
          2. Protecting Against Attack
            1. Data Integrity Attacks
            2. Data Inspection Attacks
          3. Increase Security with ISA Server
            1. Web Publishing with ISA
            2. Server Publishing with ISA
            3. Implementing Application Filters
            4. Guidelines for Increasing Security with ISA Server
        3. Protecting Authentication Credentials
          1. Available Authentication Methods
            1. Anonymous Authentication
            2. Basic Authentication
            3. Digest Authentication
            4. Integrated Windows Authentication
            5. Certificate Authentication
            6. Microsoft .NET Passport
            7. Custom Authentication
        4. Summary
          1. More Information
      6. 13. Customizing the Security Environment for Specific Applications
        1. Determining Specific Application Requirements
          1. Using a Test Environment to Determine Requirements
            1. Patch Management
            2. Auditing for File and Registry Access
              1. Configuring Auditing Using Security Templates
            3. Installing the Application
            4. Running the Application
            5. Modifying the Security Templates
            6. Applying the Templates and Final Testing
            7. Disabling File and Registry Auditing
            8. Specific Network Protocol Requirements
        2. Customizing Security for FMStocks
          1. Application Center
          2. FMStocks Security Templates
            1. Auditing
            2. Services
            3. Folder Permissions
          3. FMStocks ASP.NET Configuration Files
          4. IIS Lockdown and URLScan
          5. Securing Network Communications for FMStocks
        3. Summary
          1. More Information
      7. 14. Files Secured
      8. 15. Default Windows 2000 Services
      9. 16. Additional Services
      10. 17. IIS Security Settings
        1. .NET Framework Production Server
        2. .NET Framework Development Server
    6. III. Sizing and Capacity Planning for .NET-Based Applications
      1. 18. Sizing and Capacity Planning for .NET-Based Applications
        1. Introduction
          1. Module Flow
          2. Describing Analysis Levels
          3. Defining Sizing
            1. Representing Workload
            2. Sizing and Service Level Agreements
          4. Defining Capacity Planning
          5. Linking Performance, Sizing, and Capacity Planning
          6. Identifying Changes with the .NET Framework
        2. Sizing and Capacity Planning Concepts
          1. Understanding Queuing Theory
          2. Plotting the Knee of the Curve
            1. Utilization, Queues, and Throughput
            2. Identifying the Knee of the Curve
          3. Linking Service Chains and Instrumentation
          4. Defining Productive Capacity
          5. Linking Latency, Response Time, and Throughput
            1. Network Latency
            2. Response Time
            3. Throughput
            4. Reliability and Availability
          6. Illustrating Application Behavior
            1. Response Time Graph
            2. ASP.NET Queue Length
            3. Throughput
            4. Processor Utilization
        3. Summary
          1. More Information
      2. 19. Sizing a .NET-Based Application
        1. Introduction
        2. Applying the Sizing Benchmark Methodology
        3. Defining High Level Goals
        4. Understanding the Architecture
        5. Drafting the Service Level Agreement
          1. Recording Acceptable Response Times
          2. Identifying Throughput Goals
          3. Specifying Simultaneous Users
          4. Linking to External Systems
        6. Characterizing Workload
          1. Creating Workload Patterns
          2. Determining Usage Patterns
          3. Planning for Growth
          4. Analyzing Fitch and Mather Usage Patterns
        7. Generating Workload
          1. Identifying Maximum Throughput
          2. Choosing Performance Counters
          3. Using Application Center Test
            1. Customizing ACT Test Settings
            2. Analyzing ACT Test Results
              1. Requests Summary Reports
              2. Graphs Report
          4. Testing the Sample FMStocks Scenario
        8. Analyzing Sizing Data
          1. Analyzing Performance Counters
            1. Processor Counters
              1. Context Switching
              2. Processor Queue Length
            2. Memory Counters
              1. Insufficient Physical Memory
              2. Coping with Memory Leaks
              3. Using Allocation Profiler
          2. Analyzing IIS Log Files
            1. Understanding IIS Log Files
            2. FMStocks Example
              1. FMStocks Performance Counters
              2. FMStocks IIS Log Files
          3. Tracing Code Issues in ASP.NET
        9. Sizing Resources
          1. Sizing Processors
            1. Context Switching
            2. Multiprocessors and Hyper-Threading
          2. Sizing Memory
          3. Sizing I/O
            1. Disk Storage
            2. Disk Performance
          4. Sizing Network Resources
            1. Default Network Card Settings
            2. Processor Interrupts
        10. Sizing and Scalability
          1. Understanding Scaling Out
          2. Understanding Scaling Up
          3. Implementing Features that Affect Scalability
            1. Internet Information Service 5.0
            2. Application and Session State
            3. Caching in ASP.NET
            4. ViewState Function
            5. ADO.NET
        11. Summary
          1. More Information
      3. 20. Capacity Planning
        1. Introduction
        2. Capacity Planning Factors
          1. Profiling your Users
          2. Understanding your Application
          3. Analyzing Computer Configuration
          4. Measuring Capacity
            1. Application Center Test
            2. System Monitor
            3. Performance Logging and Alerts
            4. Microsoft Network Monitor
            5. IIS Log Files
            6. SQL Profiler
            7. SQL Query Analyzer
          5. Allowing for Peaks in Demand
        3. Predictive Analysis
          1. Instrumenting .NET-Based Applications
          2. Selecting Performance Counters
          3. Collecting Performance Data with MOM
            1. MOM Performance Counters
            2. Adding Performance Measuring Rules
            3. Registering Processing Rules
            4. Viewing Data from the Performance Measuring Rules
          4. Accessing the MOM Database
          5. Analyzing Historical Performance Data
            1. Extracting Data with DTS
            2. Analyzing Usage Data Using Excel
            3. Analyzing the Results
        4. Transaction Cost Analysis
          1. Defining Usage Profiles
            1. Identifying User Operations
            2. Calculating Session Length and User Operations Per Session
          2. Testing User Operation Costs under Load
            1. Focusing on Individual Operations
            2. Ensuring Consistent and Operational States
          3. Calculating Operating Costs
            1. Applying Formulas for Calculating Operation Costs
            2. Calculating User Operation Costs
            3. Analyzing Iterations
            4. Calculating User Profile Costs
            5. Identifying Maximum User Numbers
          4. Calculating Application Capacity
          5. Verifying Your Calculations
          6. Performing "What If" Scenarios
        5. Summary
          1. More Information
      4. 21. Performance Analysis
        1. Fulfilling Performance Prerequisites
        2. Components of the .NET Framework
          1. Understanding the Common Language Runtime
            1. Garbage Collection and Memory Management
            2. Managing Large Objects
            3. Total Memory Consumption
            4. Garbage Collection and Finalization Issues
            5. Pinned Objects
            6. Garbage Collector Versions
            7. COM Interop and Platform Invoke
          2. Coping with Exceptions
          3. Using the Global Assembly Cache
          4. Just-In-Time Compiler
          5. Implementing Security
          6. Understanding Application Domains
          7. ASP.NET
            1. General Performance Issues in ASP.NET
            2. ASP.NET Exceptions
          8. Tracking Memory Consumption
          9. Maintaining Session State
            1. In-Process Session State
            2. Out of Process
            3. SQL Server
          10. Identifying Session State Issues
          11. Using Caching
          12. Applying Server Controls
            1. View State Values
            2. Programming Language Considerations for ASP.NET
          13. Configuring ASP.NET
        3. Implementing .NET Remoting
          1. Identifying .NET Remoting Components
            1. Channels
            2. Hosting
            3. Marshalling
              1. Marshal by Value
              2. Marshal by Reference
              3. Asynchronous and Synchronous Method Calls
              4. CallContext
              5. Activation Modes
          2. Using Formatters
          3. Configuring .NET Remoting
          4. Monitoring Other .NET Remoting Performance Counters
          5. Comparing ASP.NET to ASP.NET Web Services
        4. Applying .NET Logging and Tracing
          1. Logging Errors to Event Logging Mechanisms
          2. Logging IIS Requests
        5. Summary
          1. More Information
      5. 22. Using EIF for Capacity Planning
        1. Listing EIF Performance Counters
          1. Using Event Sink Category
          2. Using Event Sources: SoftwareElement Category
          3. Using Event Sources: Request Category
        2. Incorporating Instrumentation for Capacity Planning
          1. Applying Request Tracing
            1. Determining Time to Complete a Business Process
            2. Determining Maximum Completion Rate
    7. Index