This pattern module extends the Microsoft IIS discovery by obtaining "Website", "FTP Server", "Web Application", "Virtual Directory" and "Application Pool" information from discovered IIS Webserver, modelling them as either Software Component (SC) or Detail nodes (as applicable) and relating them to the Microsoft IIS Server Software Instance they are components of.
There are several configuration options available for this Extended Discovery:
Pattern | IIS version | Method |
---|---|---|
IISWebserver_Details | IIS 7 and above | Active, File, WMI |
IISWebserver6_Details | IIS 6 | File |
IIS Entity name | Detail type | SoftwareComponent type |
---|---|---|
Application Pool | Application Pool | -- not modelled -- |
Website | Website | Microsoft IIS Website |
FTP Site | -- not modelled -- | Microsoft IIS FTP Site |
Web Application | Web Application | Microsoft IIS Web Application |
Virtual Directory | Virtual Directory | -- not modeled -- |
Note
Only 'Microsoft IIS Website' and 'Microsoft IIS Web Application' SoftwareComponent node creation is enabled by default as these entities if discovered are synced to the CMDB and of most use in Collaborative Application Mapping.
Note
Pattern configuration section allows the user to choose the depth of discovery they wish to perform and model only the required SoftwareComponent and/or Detail nodes, which helps to avoid creation of potentially a large number of redundant nodes and assists in maintaining pattern performance.
Note
Please note that chosen Details/SCs must meet architecture hierarchy, for example 'Virtual Directory' Detail will be modeled only if 'Web Application' and 'Website' Details are enabled as well.
The Web site Details and Software Components have the following attributes
Attribute name | IIS6 | IIS7 | Comments |
---|---|---|---|
Name | yes | yes | example: Microsoft IIS Website newsite.com |
Binding Addresses | yes | yes | example: :81:, 172.17.55.139:81:www.site.name, [fe80::6827:4c3b:f9e9:be7e]:80:www.site.name |
Secure Binding Addresses | yes | yes | for 'https' protocol |
Location | yes | no | example: /LM/W3SVC/1542439402, used in IIS 6 for creation link between Websites, WebApps and VirtDirs |
Application Pool | yes | no |
The FTP site Software Components have the following attributes
Attribute name | IIS6 | IIS7 | Comments |
---|---|---|---|
Name | yes | yes | example: Microsoft IIS Website newsite.com |
Binding Addresses | yes | yes | example: :81:, 172.17.55.139:81:www.site.name, [fe80::6827:4c3b:f9e9:be7e]:80:www.site.name |
Secure Binding Addresses | yes | yes | for 'https' protocol |
Location | yes | no | example: /LM/W3SVC/1542439402, used in IIS 6 for creation link between Websites, WebApps and VirtDirs |
Application Pool | yes | no |
The 'Web application' details and Software Components have the following attributes
Attribute name | IIS6 | IIS7 | Comments |
---|---|---|---|
Name | yes | yes | example: Microsoft IIS Web Application /vdir_webapp on newsite.com |
Application Name | yes | no | created from AppFriendlyName property of IIsWebVirtualDir or IIsWebDirectory DOM node |
Location | yes | no | example: /LM/W3SVC/1542439402/root/vdir_webapp, used in IIS 6 for creation link between Websites, WebApps and VirtDirs |
Application Pool | yes | yes | |
Virtual Path | yes | yes | is a path related to Website, thus full url to WebApp is: '<website_name>/<Virtual Path>' , example'newsite.com/vdir_webapp' |
Physical Path | yes | yes | example: C:\some\path\to\webapp |
Note
Please note that in tku_2012-sep-1 for IIS 6 the name of 'Web application' Detail/SoftwareComponent was changed from "Microsoft IIS Web Application Application_Name" to "Microsoft IIS Web Application Virtual_Path on Website_name" in order to make such Details/SCs distinguishable and avoid a big number of similar Details/SCs due to the fact that AppFriendlyName property is not unique
The 'Virtual Directory' details and Software Components have the following attributes
Attribute name | IIS6 | IIS7 | Comments |
---|---|---|---|
Name | yes | yes | example: Microsoft IIS Virtual Directory /vdir_vdir on newsite.com |
Location | yes | no | example: /LM/W3SVC/1542439402/root/vdir_vdir, is used in IIS 6 for creation link between Websites, WebApps and VirtDirs |
Virtual Path | yes | yes | |
Physical Path | yes | yes | example: C:\some\path\to\virtdir |
IIS7 and IIS6: 'Microsoft IIS Website' SC -ContainedSoftware> 'Microsoft IIS Webserver' SI
IIS7 and IIS6: 'Microsoft IIS FTP Site' SC -ContainedSoftware> 'Microsoft IIS FTP Server' SI
IIS7 and IIS6: 'Microsoft IIS Web Application' SC -ContainedSoftware> 'Microsoft IIS Webserver' SI
IIS7 and IIS6: 'Application Pool' DT -Detail> 'Microsoft IIS Webserver' SI
IIS7 and IIS6: 'Web Application' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI
IIS7: 'Virtual Directory' DT -Contained> 'Web Application' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI
IIS6: 'Virtual Directory' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI
Depending on IIS version there are different methods for reading IIS configuration:
For Command and File methods <systemroot> variable is required, which is obtained from command "set systemroot" using regex: (?i)systemroot=(.+?)[\r\n]*$. If no value is obtained then <sysroot_directories> paths from pattern configuration sections are used.
For IIS v6, once the <systemroot>\system32\inetsrv\MetaBase.xmlfile is opened the pattern performs a number of Xpath queries on the file to extract the information regarding the web sites hosted on the server:
All Application pools are obtained using xpath query:
Application pool: /configuration/MBProperty/IIsApplicationPool/@Location
All Website and FTP Site DOM nodes are obtained from xml file using regex:
regex '(?is)<iis(?:web|ftp)server.*?</iis(?:web|ftp)server'
then, pattern uses regexes to obtain the following information from each Website node:
website_name : regex '(?i)ServerComment\s*=\s*"(.+?)"'
application_pool : regex '(?i)AppPoolId\s*=\s*"(.+?)"'
binding addresses : regex '(?is)ServerBindings\s*=\s*"(.+?)"'
secure binding addresses: regex '(?is)SecureBindings\s*=\s*"(.+?)"'
location : regex '(?i)Location\s*=\s*"(.*?)"'
All Web Applications DON nodes are obtained from xml file using regexes:
Note
Differentiating between Web Applications and Virtual Directories is based only on existence of AppFriendlyName property in IIsWebVirtualDir or IIsWebDirectory DOM node
then, pattern uses regexes to obtain the following information from each Web Application DOM node (with AppFriendlyName attribute):
location : regex '(?i)Location\s*=\s*"(.+?)"'
physical path := regex '(?i)Path\s*=\s*"(.+?)"'
application pool : regex '(?i)AppPoolId\s*=\s*"(.+?)"'
application name : regex '(?i)AppFriendlyName\s*=\s*"(.+?)"'
All Virtual Directories DOM nodes are obtained from xml file using regex:
regex '(?si)<IIsWebVirtualDir.*?</IIsWebVirtualDir>'
then, pattern uses regexes to obtain the following information from each Virtual Directory DOM node:
location : regex '(?i)Location\s*=\s*"(.+?)"'
physical path : regex '(?i)Path\s*=\s*"(.+?)"'
Command and File methods obtain a xml-formatted information about IIS, thus the same xpath queries can be used to obtain information from command result or file content:
Command method: powershell -Command "$xml = <systemroot>\\system32\\inetsrv\\appcmd list config /section:system.applicationHost/sites /config:*; $xml -replace '(?i)\s(?:ad)?password\s*=\s*\S+','' | Write-Host" powershell -Command "$xml = %sys_root%\\system32\\inetsrv\\appcmd list config /section:system.applicationHost/applicationPools /config:*; $xml -replace '(?i)\s(?:ad)?password\s*=\s*\S+','' | Write-Host"
File method: <sys_root>\\system32\\inetsrv\\config\\applicationHost.config
All Application pools are obtained using xpath query:
Application pool: //system.applicationHost/applicationPools/add/@name
If xpath extraction failed, pattern parces command output using regex:
add\s+name="(\S+)"
All Websites DOM nodes are obtained from xml config file using regex:
regex '(?si)<site\s.*?</site>
Obtained Website or FTP Site DOM nodes contain information about each site as well as child "Web Applications" and "Virtual Directories" DOM nodes, thus, pattern uses xpath queries 'local' for each Website DOM node to obtain required information:
website_name: /site/@name
binding addresses: /site/bindings/binding[@protocol='http']/@bindingInformation
secure binding addresses : /site/bindings/binding[@protocol="https"]/@bindingInformation
protocol : /site/bindings/binding/@protocol
If the protocol is FTP this is an FTP Site, otherwise it is a website.
then obtain all Web Applications related the current Website:
virtual path: /site/application/@path
for each Web Applicationobtain:
Application pool: /site/application[@path='%web_app_path%']/@applicationPool
virtual path: /site/application[@path='%web_app_path%']/virtualDirectory/@path
for each Virtual Directoryobtain:
Physical Path: /site/application[@path='%web_app_path%']/virtualDirectory[@path='%virtdir_path%']/@physicalPath
For IIS v7 and above, IIS pattern attempts to execute a number of WMI queries:
Namespace | WMI Query |
---|---|
root\WebAdministration | SELECT Name FROM Site |
root\WebAdministration | SELECT Name from ApplicationPool |
root\WebAdministration | SELECT Path,ApplicationPool,SiteName from Application |
root\WebAdministration | SELECT Path,PhysicalPath,SiteName,ApplicationPath from VirtualDirectory |
Note
The rootWebAdministration namespace is installed on the host if the host has the IIS 7.x WMI provider installed. The WMI provider is installed by selecting the IIS Management Scripts and Tools component under Management Tools (or Web Management Tools). In Windows Vista, this is in the Windows Features dialog under Internet Information Services. On Windows Server 2008, this is in the Server Manager under the Web Server (IIS) role.
This will only be attempted if the model_sc_microsoft_iis_website and model_sc_microsoft_iis_web_applications configuration options are set to their default value of True
The pattern obtains the list of connection names by one of the following methods
Note
The xpath query //connectionStrings/add/@name will work for .NET 2.0 and later. If it fails the pattern uses the .NET 1.0 xpath query //appSettings/add/@key
For each connection name the pattern obtains the connection string by parsing the web.config file or the file web.config references with one of the following regular expressions:
Note
An example connection string is server=Lsqlexpress;database=System;User ID=TEst;Password=pass
The pattern then creates a client server relationship to the database described in the connection string, the database in the server.
Starting from TKU March 2015, for ADDM 10.1.00.1 and later, the pattern creates communication relationships links between the Website SoftwareComponent of IIS WebServer SoftwareInstance and the related RDBMS SI.
Microsoft IIS installations which have large numbers of Web Applications (>1000) may need to be scanned with the option to model IIS Web Applications turned off (as either SoftwareComponent or Detail nodes) as discovery performance may otherwise not be acceptable.
In case of command/file parsing methods, Atrium Discovery will be executing a large number of Xpath queries which have a cumulative overhead which will become very obvious if discovery of IIS Web Applications is enabled in estates with IIS Servers that host hundreds of websites each hosting a number of applications.