Page tree
Skip to end of metadata
Go to start of metadata

This pattern module extends the Microsoft IIS discovery by obtaining "Website", "FTP Server", "Web Application", "Virtual Directory" and "Application Pool" information from discovered IIS Webserver, modelling them as either Software Component (SC) or Detail nodes (as applicable) and relating them to the Microsoft IIS Server Software Instance they are components of.

Configuration Options

There are several configuration options available for this Extended Discovery:

  • sysroot_directories :=[ "C:\\Windows", "C:\\WINNT"]; - allows to use system root location (absolute path)
  • model_sc_microsoft_iis_site := true; - allows to model  IIS Websites and FTP Servers as SoftwareComponent
  • model_sc_microsoft_iis_web_application := true; - allows to model IIS Web Applications as SoftwareComponent ('Website' SoftwareComponent must be enabled!)
  • model_dt_website := false; - allows to model IIS Websites as Details
  • model_dt_web_application := false; - allows to model IIS Web Applications as Detail ('Website' Detail must be enabled!)
  • model_dt_virtual_directory := false; -  allows to model IIS Virtual Directories as Detail ('Web Application' Detail must be enabled!)
  • model_dt_application_pool := false; - allows to model IIS Application Pools as Detail

Software Pattern Summary

PatternIIS versionMethod
IISWebserver_DetailsIIS 7 and aboveActive, File, WMI
IISWebserver6_DetailsIIS 6File

Details and SoftwareComponents Type Attributes Created

IIS Entity nameDetail typeSoftwareComponent type
Application PoolApplication Pool-- not modelled --
WebsiteWebsiteMicrosoft IIS Website
FTP Site-- not modelled --Microsoft IIS FTP Site
Web ApplicationWeb ApplicationMicrosoft IIS Web Application
Virtual DirectoryVirtual Directory-- not modeled --

Note

Only 'Microsoft IIS Website' and 'Microsoft IIS Web Application' SoftwareComponent node creation is enabled by default as these entities if discovered are synced to the CMDB and of most use in Collaborative Application Mapping.

Note

Pattern configuration section allows the user to choose the depth of discovery they wish to perform and model only the required SoftwareComponent and/or Detail nodes, which helps to avoid creation of potentially a large number of redundant nodes and assists in maintaining pattern performance.

Note

Please note that chosen Details/SCs must meet architecture hierarchy, for example 'Virtual Directory' Detail will be modeled only if 'Web Application' and 'Website' Details are enabled as well.

Detail and Software Component attributes

Website

The Web site Details and Software Components have the following attributes

Attribute nameIIS6IIS7Comments
Nameyesyesexample: Microsoft IIS Website newsite.com
Binding Addressesyesyes

example: :81:, 172.17.55.139:81:www.site.name, [fe80::6827:4c3b:f9e9:be7e]:80:www.site.name

Secure Binding Addressesyesyesfor 'https' protocol
Locationyesnoexample: /LM/W3SVC/1542439402, used in IIS 6 for creation link between Websites, WebApps and VirtDirs
Application Poolyesno 

FTP Site

The FTP site Software Components have the following attributes

Attribute nameIIS6IIS7Comments
Nameyesyesexample: Microsoft IIS Website newsite.com
Binding Addressesyesyes

example: :81:, 172.17.55.139:81:www.site.name, [fe80::6827:4c3b:f9e9:be7e]:80:www.site.name

Secure Binding Addressesyesyesfor 'https' protocol
Locationyesnoexample: /LM/W3SVC/1542439402, used in IIS 6 for creation link between Websites, WebApps and VirtDirs
Application Poolyesno 

Web Application

The 'Web application' details and Software Components have the following attributes

Attribute nameIIS6IIS7Comments
Nameyesyesexample: Microsoft IIS Web Application /vdir_webapp on newsite.com
Application Nameyesnocreated from AppFriendlyName property of IIsWebVirtualDir or IIsWebDirectory DOM node
Locationyesnoexample: /LM/W3SVC/1542439402/root/vdir_webapp, used in IIS 6 for creation link between Websites, WebApps and VirtDirs
Application Poolyesyes 
Virtual Pathyesyes

is a path related to Website, thus full url to WebApp is: '<website_name>/<Virtual Path>'

, example

'newsite.com/vdir_webapp'

Physical Pathyesyes

example: C:\some\path\to\webapp

Note

Please note that in tku_2012-sep-1 for IIS 6 the name of 'Web application' Detail/SoftwareComponent was changed from "Microsoft IIS Web Application Application_Name" to "Microsoft IIS Web Application Virtual_Path on Website_name" in order to make such Details/SCs distinguishable and avoid a big number of similar Details/SCs due to the fact that AppFriendlyName property is not unique

Virtual Directory

The 'Virtual Directory' details and Software Components have the following attributes

Attribute nameIIS6IIS7Comments
Nameyesyesexample: Microsoft IIS Virtual Directory /vdir_vdir on newsite.com
Locationyesnoexample: /LM/W3SVC/1542439402/root/vdir_vdir, is used in IIS 6 for creation link between Websites, WebApps and VirtDirs
Virtual Pathyesyes 
Physical Pathyesyes

example: C:\some\path\to\virtdir

Application Model Produced by Software Pattern

SoftwareComponents architecture

IIS7 and IIS6: 'Microsoft IIS Website' SC -ContainedSoftware> 'Microsoft IIS Webserver' SI
IIS7 and IIS6: 'Microsoft IIS FTP Site' SC -ContainedSoftware> 'Microsoft IIS FTP Server' SI
IIS7 and IIS6: 'Microsoft IIS Web Application' SC -ContainedSoftware> 'Microsoft IIS Webserver' SI

Details architecture

IIS7 and IIS6: 'Application Pool' DT -Detail> 'Microsoft IIS Webserver' SI
IIS7 and IIS6: 'Web Application' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI
IIS7: 'Virtual Directory' DT -Contained> 'Web Application' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI
IIS6: 'Virtual Directory' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI

  • IIS 6 and IIS 7 architecture

  • IIS 6 Website Detail architecture

  • IIS 7 Website Detail architecture

Extended configuration information extraction

Depending on IIS version there are different methods for reading IIS configuration:

  • IIS 6: File method
  • IIS 7: Command, File and WMI methods

For Command and File methods <systemroot> variable is required, which is obtained from command "set systemroot" using regex: (?i)systemroot=(.+?)[\r\n]*$. If no value is obtained then <sysroot_directories> paths from pattern configuration sections are used.


IIS 6 - File method

For IIS v6, once the <systemroot>\system32\inetsrv\MetaBase.xmlfile is opened the pattern performs a number of Xpath queries on the file to extract the information regarding the web sites hosted on the server:


Application Pool

All Application pools are obtained using xpath query:

  • Application pool: /configuration/MBProperty/IIsApplicationPool/@Location

Website & FTP Site

All Website and FTP Site DOM nodes are obtained from xml file using regex:

  • regex '(?is)<iis(?:web|ftp)server.*?</iis(?:web|ftp)server'

then, pattern uses regexes to obtain the following information from each Website node:

  • website_name : regex '(?i)ServerComment\s*=\s*"(.+?)"'

  • application_pool : regex '(?i)AppPoolId\s*=\s*"(.+?)"'

  • binding addresses : regex '(?is)ServerBindings\s*=\s*"(.+?)"'

  • secure binding addresses: regex '(?is)SecureBindings\s*=\s*"(.+?)"'

  • location : regex '(?i)Location\s*=\s*"(.*?)"'

Web Applications

All Web Applications DON nodes are obtained from xml file using regexes:

  • regex '(?si)<IIsWebVirtualDir.*?</IIsWebVirtualDir>'
  • regex '(?si)<IIsWebDirectory.*?</IIsWebDirectory>'

Note

Differentiating between Web Applications and Virtual Directories is based only on existence of AppFriendlyName property in IIsWebVirtualDir or IIsWebDirectory DOM node

then, pattern uses regexes to obtain the following information from each Web Application DOM node (with AppFriendlyName attribute):

  • location : regex '(?i)Location\s*=\s*"(.+?)"'

  • physical path := regex '(?i)Path\s*=\s*"(.+?)"'

  • application pool : regex '(?i)AppPoolId\s*=\s*"(.+?)"'

  • application name : regex '(?i)AppFriendlyName\s*=\s*"(.+?)"'

Virtual Directories

All Virtual Directories DOM nodes are obtained from xml file using regex:

  • regex '(?si)<IIsWebVirtualDir.*?</IIsWebVirtualDir>'

then, pattern uses regexes to obtain the following information from each Virtual Directory DOM node:

  • location : regex '(?i)Location\s*=\s*"(.+?)"'

  • physical path : regex '(?i)Path\s*=\s*"(.+?)"'

IIS 7 - Command and File methods

Command and File methods obtain a xml-formatted information about IIS, thus the same xpath queries can be used to obtain information from command result or file content:

  • Command method: powershell -Command "$xml = <systemroot>\\system32\\inetsrv\\appcmd list config /section:system.applicationHost/sites /config:*; $xml -replace '(?i)\s(?:ad)?password\s*=\s*\S+',''" powershell -Command "$xml = %sys_root%\\system32\\inetsrv\\appcmd list config /section:system.applicationHost/applicationPools /config:*; $xml -replace '(?i)\s(?:ad)?password\s*=\s*\S+',''"

  • File method: <sys_root>\\system32\\inetsrv\\config\\applicationHost.config

All Application pools are obtained using xpath query:

  • Application pool: //system.applicationHost/applicationPools/add/@name


    If  xpath extraction failed, pattern parces command output  using regex: add\s+name="(\S+)"

All Websites DOM nodes are obtained from xml config file using regex:

  • regex '(?si)<site\s.*?</site>

Obtained Website or FTP Site DOM nodes contain information about each site as well as child "Web Applications" and "Virtual Directories" DOM nodes, thus, pattern uses xpath queries 'local' for each Website DOM node to obtain required information:

  • website_name: /site/@name

  • binding addresses: /site/bindings/binding[@protocol='http']/@bindingInformation

  • secure binding addresses : /site/bindings/binding[@protocol="https"]/@bindingInformation

  • protocol : /site/bindings/binding/@protocol

If the protocol is FTP this is an FTP Site, otherwise it is a website.

then obtain all Web Applications related the current Website:

  • virtual path: /site/application/@path


    for each Web Applicationobtain:


    • Application pool: /site/application[@path='%web_app_path%']/@applicationPool

    • All Virtual Directories related to the current Web Application:
      • virtual path: /site/application[@path='%web_app_path%']/virtualDirectory/@path


        for each Virtual Directoryobtain:


        • Physical Path: /site/application[@path='%web_app_path%']/virtualDirectory[@path='%virtdir_path%']/@physicalPath

IIS 7 - WMI method

For IIS v7 and above, IIS pattern attempts to execute a number of WMI queries:

NamespaceWMI Query
root\WebAdministrationSELECT Name FROM Site
root\WebAdministrationSELECT Name from ApplicationPool
root\WebAdministrationSELECT Path,ApplicationPool,SiteName from Application
root\WebAdministrationSELECT Path,PhysicalPath,SiteName,ApplicationPath from VirtualDirectory

Note

The rootWebAdministration namespace is installed on the host if the host has the IIS 7.x WMI provider installed. The WMI provider is installed by selecting the IIS Management Scripts and Tools component under Management Tools (or Web Management Tools). In Windows Vista, this is in the Windows Features dialog under Internet Information Services. On Windows Server 2008, this is in the Server Manager under the Web Server (IIS) role.

Database Discovery Relationship

This will only be attempted if the model_sc_microsoft_iis_website and model_sc_microsoft_iis_web_applications configuration options are set to their default value of True

The pattern obtains the list of connection names by one of the following methods

  • By parsing <web app physical path>/web.config with xpath //connectionStrings/add/@name and using the result as the connection string
  • By parsing <web app physical path>/web.config with xpath /configuration/connectionStrings/@configSource, then parsing the file referred to by that query with xpath //connectionStrings/add/@name

Note

The xpath query //connectionStrings/add/@name will work for .NET 2.0 and later. If it fails the pattern uses the .NET 1.0 xpath query //appSettings/add/@key

For each connection name the pattern obtains the connection string by parsing the web.config file or the file web.config references with one of the following regular expressions:

Note

An example connection string is server=Lsqlexpress;database=System;User ID=TEst;Password=pass

The pattern then creates a client server relationship to the database described in the connection string, the database in the server.

Starting from TKU March 2015, for ADDM 10.1.00.1 and later, the pattern creates communication relationships links between the Website SoftwareComponent of IIS WebServer SoftwareInstance and the related RDBMS SI.

Pattern Performance Considerations

Microsoft IIS installations which have large numbers of Web Applications (>1000) may need to be scanned with the option to model IIS Web Applications turned off (as either SoftwareComponent or Detail nodes) as discovery performance may otherwise not be acceptable.
In case of command/file parsing methods, Atrium Discovery will be executing a large number of Xpath queries which have a cumulative overhead which will become very obvious if discovery of IIS Web Applications is enabled in estates with IIS Servers that host hundreds of websites each hosting a number of applications.