In-Depth

Souping Up Your IIS Server

Strengthen your infrastructure for serious IIS use with these monitoring and analysis tools.

Microsoft Internet Information Server is an excellent Web server that integrates well with the rest of the Microsoft server infrastructure. But sometimes the management tools that Microsoft provides with IIS leave something to be desired. Suppose you want to stress-test your server to see what load it can handle, or analyze your Web traffic so that you can know which pages on your site are most popular? What if you need to monitor the Web site for trouble or recover from unexpected failures? In this roundup, we’ll look at a variety of add-on products that can help you more effectively manage your IIS-served Web site.

Before You Deploy: Stress-Testing
You’ll probably need your first tool before you even put an IIS server on the Internet. Do you know how much traffic your Web servers can handle? Do you know how much is too much? The Web Capacity Analysis Tool (WCAT) from Microsoft can help. WCAT is one of nearly 300 tools available in the Microsoft Windows 2000 Server Resource Kit. WCAT is a client-server system that runs simulated workloads on your Web server. WCAT is made up of three components—the WCAT Server, which is the system being tested; the WCAT Controller, which administers and tracks the test; and the WCAT client, which tests the server. This design allows for the tested system to only be loaded by Web requests, without the burden of processing test administration as well. The WCAT client application runs in a single, multithreaded process that can spawn multiple threads, each representing a virtual client that then throws page requests at the server. WCAT can support up to 200 virtual clients on each client computer involved in a WCAT test, and the WCAT Controller can coordinate multiple client computers.

Product Information

Microsoft Web Capacity Analysis Tool Part of the Windows 2000 Server Resource Kit, $299
Microsoft Press ISBN 1-57231-805-8
www.microsoft.com/mspress/default.asp

eMon Monitor v. 2.9.12, $795
Engagent
Kirkland, Washington
(425) 820-9999
www.engagent.com

IISTracer 2.00, $99 single license/$790 site
PSTruh Software
Czechoslovakia
www.pstruh.cz

Site Recorder 1.0, $795
LockStep Systems
Scottsdale, Arizona
(480) 596-9432
www.lockstep.com

WebTrends Analysis Suite Advanced Edition v7.0, $2,499 for one server
NetIQ
Portland, Oregon
(503) 294-7025
www.Webtrends.com

Analog 5.1, Free
www.analog.cx

WCAT includes many predefined tests for basic operations, including HTML and ASP requests, “keep alive,” and SSL operations. These predefined tests allow you to get up and running quickly with your analysis. You can also create your own custom tests.

WCAT is an inexpensive way to test different configurations to see which one will be the optimal configuration for your applications. If you’re expecting a substantial load on your IIS server, running these tests before you deploy will help ensure that the hardware is up to the task.

—Stewart Cawthray

Daily Chores: Monitoring and Management
After your Web site goes live, you face a new set of challenges in monitoring your server and recovering from any problems. We looked at three tools in this category: eMon, IISTracer and SiteRecorder. Each has its own particular focus and place in your toolbox.

eMon
eMon Monitor (Figure 1) is a server monitoring tool with excellent flexibility that can be used with a variety of server types (not just IIS servers). It can monitor servers with a variety of pings—ICMP, TCP/IP, UDP, IPX, NetBIOS—and other yes/no tests: specific file presence, disk space available within criteria, SQL, Oracle, database server availability, HTTP URL access, and NT service state. Other tests include NT Event Log monitoring, where you may specify a condition that will trigger an alert, and checking whether a particular application is running. No agents are installed on monitored devices, since eMon uses “pull” rather than push. The default reports are formatted as Web pages accessed via a built-in Web server. This means you can check the reports from anywhere, thus giving you close-to-real-time remote reporting

eMon
Figure 1. eMon can monitor multiple servers using a variety of tools to ensure their continued operation. (Click image to view larger version.)

Though not difficult to configure, eMon is a little tedious to set up, especially in larger environments. You must select the “ check type” server and the monitoring parameter for every entry. You can group sets of servers or services together in folders; the whole folder changes color if it contains an active alert. You can also have eMon notify you of problems by several means: customizable sound on the monitoring station, e-mail alerts, or pop-up messages.

eMon goes beyond simple connectivity tests and is quite capable if you spend the time setting up all the parameters that make monitoring useful.

—Douglas Mechaber

IISTracer
If you’d like to monitor your Web site in real time, take a look at PSTRUH Software’s IISTracer, shown in Figure 2. IISTracer is an ISAPI (Internet Services API) library that you load directly on your IIS server. It sits unobtrusively in the background, monitoring traffic and displaying the current activity on screen. You can configure a variety of options, including a threshold for long-running requests so that the monitoring screen will only show files that are taking a long time to deliver. You can also log problem activity for future analysis.

IISTracer
Figure 2. IISTracer provides real-time Web site monitoring, including a look at recently delivered pages and the HTTP headers that retrieved them. (Click image to view larger version.)

In addition to giving you a feel for the patterns of activity on your server, IISTracer can be an effective way to spot an attack in progress. Spotting the pattern of unusual URLs sent by Code Red, or a bunch of long-running connections in a denial-of-service attack, may let you take immediate corrective action. Screentips on the IISTracer display even show you the HTTP headers sent to your server, so you can see which browsers your customers are using or which sites are sending traffic your way.

—Mike Gunderloy

SiteRecorder
Change management can be a tricky thing when it comes to managing a Web site. Many companies have a single Webmaster keeping tabs on who changes what on the corporate Web. But if the organization is a nice big monster of a company with many teams adding information to different Web pages on a daily basis, the Webmaster could get seriously bogged down with just managing changes. Keeping track of those changes is the job of SiteRecorder, a tool that lets a Webmaster watch for unauthorized changes, whether from co-workers or the effect of defacement. These changes can be rolled back if they were unauthorized.

Running as a Windows NT service, SiteRecorder can monitor sites by FTP, folder space or FrontPage Extensions, looking at time/date stamps and binary comparisons of files to search for any change to the Web site.

SiteRecorder also backs up Web sites locally and remotely and keeps track of revisions and notifies folks of changes. But there isn’t any way in SiteRecorder to keep changes from happening. You can set constraints to alert you each time, but there’s no way for SiteRecorder to directly act as an intercessor for changes. So, it’s not true change management, but it’s close.

—Rick Butler

Looking Back: Traffic Analysis
Most organizations will also want to keep an eye on the trends in their Web servers’ usage. IIS excels at collecting the raw data for trend analysis: If you turn on IIS logging, it will save everything from pages requested to the referring URLs to the IP addresses of the browsers used to access your site. The problem is that the raw log files have too much data for human beings to understand. An active Web site can quickly pile up hundreds of megabytes or even gigabytes of logging information. How do you extract useful information from all that data?

WebTrends
The answer is to use a log file analysis program. For this roundup, we looked at two of the many tools available in this product niche: WebTrends Analysis Suite and Analog.

NetIQ’s WebTrends is one of the more complex products in the log file analysis market. For starters, WebTrends can go through your IIS logs and summarize them in many different ways. You can find out which pages were the most popular, where your traffic came from (both by referrer and by location, thanks to a built-in geographic database), which paths people take through your site, which are the most popular entry and exit pages and so on. A variety of predefined (but customizable) reports in HTML, Word, Excel and Text formats let you tailor the program’s output for detailed analysis or executive overview.

WebTrends
Figure 3. WebTrends’ reporting starts with an overview of your site’s activity, but it doesn’t stop there. (Click image to view larger version.)

But WebTrends’ capabilities don’t stop there. It can analyze sites big enough to need server farms and track sessions that cross multiple servers. It can analyze proxy server or streaming media server log files or walk through an entire Web site looking for broken links. It can also monitor servers and alert you when they’re down or compare the content of a caching server with the original server to make sure they’re synchronized. Another intriguing feature is the ability to extract part of a URL and use it to look up information in a database. E-commerce sites, for example, will find this useful for matching shopping cart activity to customer demographics.

All in all, WebTrends Analysis Suite will deliver just about every piece of information that can possibly be extracted from your server logs.

—Mike Gunderloy

Analog
At the other end of the analysis spectrum, organizations whose IIS servers aren’t mission-critical might like to try Analog. This freeware product is a bit harder to use than WebTrends (you need to write a configuration file by hand, rather than filling in property pages) and less flexible. It also lacks the enterprise-level features of WebTrends. Where Analog excels is in rapid extraction of essential information from log files. Analog reports can summarize activity on your server, let you see when peak traffic occurred, and inform you of popular pages and failing requests. They’ll track referrers, search requests and browser distribution, as well. Analog’s output is simple HTML, though there are some add-ons available to produce graphs. If you’re just starting to think about log file analysis, it’s worth downloading Analog to see whether you can extract the information that you need for free.

—Mike Gunderloy

Different Strokes for Different IIS Folks
So which of these tools do you really need? Many IIS Web sites get by without any tools at all. Of course, many IIS Web sites are poorly maintained and have never had to produce a business case, either. Our own preference is to use the tools that make our lives easier. Each of the products in this roundup has a place on that list. WCAT provides some peace of mind before a rollout, and eMon and SiteRecorder do the same when the site is up and running. IISTracer can provide early warning of serious problems brewing, and WebTrends and Analog give you all the information you can possibly need for effective management. Next time you’re building a Web server, think about these tools and their place in your work.

Featured