Microsoft Internet Information Services - Extended Discovery
This pattern module extends the Microsoft IIS discovery by obtaining Website, FTP Server, Web Application, Virtual Directory, and Application Pool information from the discovered IIS Webserver, modelling them as Software Component (SC) or Detail nodes (as applicable) and relating them to the Microsoft IIS Server Software Instance which they are components of.
Configuration options
Important
Pattern configuration options enable you to customize the discovery by modeling only the required SoftwareComponent and/or Detail nodes. This customization prevents a large number of redundant nodes and assists in maintaining pattern performance.
The Extended Discovery supports the following configuration options:
- sysroot_directories :=[ "C:\\Windows", "C:\\WINNT"];
Enables to use a system root location (absolute path).
- model_sc_microsoft_iis_site := true;
Enables to model IIS Websites and FTP Servers as SoftwareComponent.
- model_sc_microsoft_iis_web_application := true;
Enables to model IIS Web Applications as SoftwareComponent (The 'Website' SoftwareComponent must be enabled).
- model_dt_website := false;
Enables to model IIS Websites as Details.
- model_dt_web_application := false;
Enables to model IIS Web Applications as Detail (The 'Website' Detail must be enabled).
- model_dt_virtual_directory := false;
Enables to model IIS Virtual Directories as Detail (The 'Web Application' Detail must be enabled).
- model_dt_application_pool := false;
Enables to model IIS Application Pools as Detail.
Software pattern summary
Pattern | IIS version | Method |
---|---|---|
IISWebserver_Details | IIS 7 and above | Active, File, WMI |
IISWebserver6_Details | IIS 6 | File |
Modeled Details and SoftwareComponents type attributes
Important
- You must choose Details and/or SoftwareComponents by following the architecture hierarchy; for example, the 'Virtual Directory' Detail is modeled only if 'Web Application' and 'Website' Details are enabled.
- Only 'Microsoft IIS Website' and 'Microsoft IIS Web Application' SoftwareComponent node creation is enabled by default because when these entities are discovered, they sync to the BMC MDB and are mostly used in Collaborative Application Mapping.
IIS Entity name | Detail type | SoftwareComponent type |
---|---|---|
Application Pool | Application Pool | -- not modeled -- |
Website | Website | Microsoft IIS Website |
FTP Site | -- not modeled -- | Microsoft IIS FTP Site |
Web Application | Web Application | Microsoft IIS Web Application |
Virtual Directory | Virtual Directory | -- not modeled -- |
Details and SoftwareComponents type attributes
Website
The Website Details and Software Components have the following attributes:
Attribute name | IIS6 | IIS7 | Comments |
---|---|---|---|
Name | Yes | Yes | Example: Microsoft IIS Website newsite.com |
Binding Addresses | Yes | Yes | Example: :81:, 172.17.55.139:81:www.site.name
|
Secure Binding Addresses | Yes | Yes | For HTTPS protocol. |
Location | Yes | No | Example: /LM/W3SVC/1542439402, used in IIS 6 to create a link between Websites, WebApps and VirtDirs. |
Application Pool | Yes | No | N/A |
FTP Site
The FTP site Software Components have the following attributes:
Attribute name | IIS6 | IIS7 | Comments |
---|---|---|---|
Name | Yes | Yes | Example: Microsoft IIS Website newsite.com |
Binding Addresses | Yes | Yes | Example: :81:, 172.17.55.139:81:www.site.name
|
Secure Binding Addresses | Yes | Yes | For HTTPS protocol. |
Location | Yes | No | Example: /LM/W3SVC/1542439402, used in IIS 6 to create a link between Websites, WebApps and VirtDirs. |
Application Pool | Yes | No | N/A |
Web Application
The 'Web application' details and Software Components have the following attributes:
Attribute name | IIS6 | IIS7 | Comments |
---|---|---|---|
Name | Yes | Yes | Example: Microsoft IIS Web Application /vdir_webapp on newsite.com |
Application Name | Yes | No | Created from the AppFriendlyName property of IIsWebVirtualDir or IIsWebDirectory DOM node. |
Location | Yes | No | Example: /LM/W3SVC/1542439402/root/vdir_webapp, used in IIS 6 to create a link between Websites, WebApps and VirtDirs. |
Application Pool | Yes | Yes | N/A |
Virtual Path | Yes | Yes | A path related to Website, therefore, the full URL to the WebApp is:
|
Physical Path | Yes | Yes | Example:
|
Virtual Directory
The 'Virtual Directory' details and Software Components have the following attributes:
Attribute name | IIS6 | IIS7 | Comments |
---|---|---|---|
Name | Yes | Yes | Example: Microsoft IIS Virtual Directory /vdir_vdir on newsite.com |
Location | Yes | No | example: /LM/W3SVC/1542439402/root/vdir_vdir, is used in IIS 6 to create a link between Websites, WebApps and VirtDirs. |
Virtual Path | Yes | Yes | N/A |
Physical Path | Yes | Yes | Example:
|
Application model
SoftwareComponents architecture
IIS7 and IIS6: 'Microsoft IIS Website' SC -ContainedSoftware> 'Microsoft IIS Webserver' SI
IIS7 and IIS6: 'Microsoft IIS FTP Site' SC -ContainedSoftware> 'Microsoft IIS FTP Server' SI
IIS7 and IIS6: 'Microsoft IIS Web Application' SC -ContainedSoftware> 'Microsoft IIS Webserver' SI
Details architecture
IIS7 and IIS6: 'Application Pool' DT -Detail> 'Microsoft IIS Webserver' SI
IIS7 and IIS6: 'Web Application' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI
IIS7: 'Virtual Directory' DT -Contained> 'Web Application' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI
IIS6: 'Virtual Directory' DT -Contained> 'Website' DT -Detail> 'Microsoft IIS Webserver' SI
The following images show examples of application models:
- IIS 6 and IIS 7 architecture
- IIS 6 Website Detail architecture
- IIS 7 Website Detail architecture
Information for the SoftwareComponents
As mentioned above, the pattern creates Detail nodes or SoftwareComponent nodes for Application Pools, Websites, FTP Sites, Web Applications, and Virtual Directories. How is obtains this information depends on the version
File method (IIS 6)
For IIS v6, when the
<systemroot>\system32\inetsrv\MetaBase.xml
file is opened, the pattern performs multiple XPath queries on the file to extract the information about the web sites hosted on the server.
Command and File methods (IIS 7 and later)
For Command and File methods, the <systemroot>
variable is required, which is obtained from the set systemroot
command by using the following regex:
(?i)systemroot=(.+?)[\r\n]*$
If no value is obtained, <sysroot_directories>
paths from pattern configuration sections are used.
Command and File methods obtain XML formatted information about IIS. Therefore, the same XPath queries can be used to obtain information from the command result or file content:
Command method:
"%windir%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command "(& \"%sys_root%\\system32\\inetsrv\\appcmd\" list config /section:system.applicationHost/sites /config:*) -replace '(?i)\s(?:ad)?password\s*=\s*\S+','' | Out-String" 2>nul
"%windir%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -Command "(& \"%sys_root%\\system32\\inetsrv\\appcmd\" list config /section:system.applicationHost/applicationPools /config:*) -replace '(?i)\s(?:ad)?password\s*=\s*\S+','' | Out-String" 2>nul
File method:
<sys_root>\\system32\\inetsrv\\config\\applicationHost.config
All Application pools are obtained by using an XPath query:
Application pool:
//system.applicationHost/applicationPools/add/@name
If XPath extraction fails, the pattern parses the command output by using regex:add\s+name="(\S+)"
All Websites DOM nodes are obtained from an XML config file by using the following regex:
'(?si)<site\s.*?</site>
Obtained Website or FTP Site DOM nodes contain information about each site and child "Web Applications" and "Virtual Directories" DOM nodes. Therefore, the pattern uses 'local' XPath queries for each Website DOM node to obtain the required information:
website_name:
/site/@name
binding addresses:
/site/bindings/binding[@protocol='http']/@bindingInformation
secure binding addresses:
/site/bindings/binding[@protocol="https"]/@bindingInformation
protocol:
/site/bindings/binding/@protocol
If the protocol is FTP, this is an FTP Site. Otherwise, it is a website. Then, the pattern obtains all Web Applications related to the current Website:
virtual path:
/site/application/@path
for each Web Application obtains:Application pool:
/site/application[@path='%web_app_path%']/@applicationPool
- All Virtual Directories related to the current Web Application:
virtual path:
/site/application[@path='%web_app_path%']/virtualDirectory/@path
for each Virtual Directory obtains:Physical Path:
/site/application[@path='%web_app_path%']/virtualDirectory[@path='%virtdir_path%']/@physicalPath
WMI method (IIS 7 and later)
For IIS version 7 and later, the IIS pattern attempts to execute multiple WMI queries:
Namespace | WMI Query |
---|---|
root\WebAdministration | SELECT Name FROM Site |
root\WebAdministration | SELECT Name from ApplicationPool |
root\WebAdministration | SELECT Path,ApplicationPool,SiteName from Application |
root\WebAdministration | SELECT Path,PhysicalPath,SiteName,ApplicationPath from VirtualDirectory |
Application Pool
All Application pools are obtained by using the following XPath query:
Application pool:
/configuration/MBProperty/IIsApplicationPool/@Location
Website & FTP Site
All Website and FTP Site DOM nodes are obtained from the XML file by using the following regex:
regex
'(?is)<iis(?:web|ftp)server.*?</iis(?:web|ftp)server'
then, the pattern uses regexes to obtain the following information from each Website node:
website_name : regex
'(?i)ServerComment\s*=\s*"(.+?)"'
application_pool : regex
'(?i)AppPoolId\s*=\s*"(.+?)"'
binding addresses : regex
'(?is)ServerBindings\s*=\s*"(.+?)"'
secure binding addresses: regex
'(?is)SecureBindings\s*=\s*"(.+?)"'
location : regex
'(?i)Location\s*=\s*"(.*?)"'
Web Applications
All Web Applications DON nodes are obtained from the XML file by using the following regexes:
- regex '(?si)<IIsWebVirtualDir.*?</IIsWebVirtualDir>'
- regex '(?si)<IIsWebDirectory.*?</IIsWebDirectory>'
Note
Differentiating between Web Applications and Virtual Directories is based only on the existence of the AppFriendlyName property in the IIsWebVirtualDir or IIsWebDirectory DOM node.
then, the pattern uses regexes to obtain the following information from each Web Application DOM node (with AppFriendlyName attribute):
location : regex
'(?i)Location\s*=\s*"(.+?)"'
physical path := regex
'(?i)Path\s*=\s*"(.+?)"'
application pool : regex
'(?i)AppPoolId\s*=\s*"(.+?)"'
application name : regex
'(?i)AppFriendlyName\s*=\s*"(.+?)"'
Virtual Directories
All Virtual Directories DOM nodes are obtained from the XML file by using the following regex:
regex
'(?si)<IIsWebVirtualDir.*?</IIsWebVirtualDir>'
then, the pattern uses regexes to obtain the following information from each Virtual Directory DOM node:
location : regex
'(?i)Location\s*=\s*"(.+?)"'
physical path : regex
'(?i)Path\s*=\s*"(.+?)"'
Database discovery relationship
The database discovery relationship is possible if the model_sc_microsoft_iis_website
and model_sc_microsoft_iis_web_applications
configuration options are set to their default value of True.
The pattern obtains the list of connection names by one of the following methods:
- By parsing
<web app physical path>/web.config
with XPath//connectionStrings/add/@name
and using the result as the connection string.
- By parsing
<web app physical path>/web.config
with XPath/configuration/connectionStrings/@configSource
, and then parsing the file referred to by that query with XPath//connectionStrings/add/@name
Important
The XPath query //connectionStrings/add/@name
works for .NET 2.0 and later. If it fails, the pattern uses the .NET 1.0 XPath query //appSettings/add/@key
For each connection name, the pattern obtains the connection string by parsing the web.config file or the web.config file references with one of the following regular expressions:
- (for .NET 2.0 and later)
//connectionStrings/addMicrosoft Internet Information Services - Extended Discovery/@connectionString
- (for .NET 1.0)
//connectionStrings/addMicrosoft Internet Information Services - Extended Discovery/@providerName
Important
An example connection string is server=Lsqlexpress;database=System;User ID=TEst;Password=pass
The pattern then creates a client-server relationship to the database described in the connection string, the database in the server.
The pattern creates communication relationships links between the Website SoftwareComponent of IIS WebServer SoftwareInstance and the related RDBMS SI.
Pattern performance considerations
Microsoft IIS installations that have more than 1000 Web Applications might need to be scanned with the option to model IIS Web Applications turned off (as either SoftwareComponent or Detail nodes). Overwise, discovery performance might not be acceptable. If you use command or file parsing methods, BMC Discovery executes a multitude of XPath queries that have a cumulative overhead. This becomes obvious if the discovery of IIS Web Applications is enabled in estates with IIS Servers that host hundreds of websites with multiple hosted applications.
Comments
Log in or register to comment.