Audit and configuration of IIS web server





HTTP request flow inside Microsoft IIS


Classic ASP Logo - Active Server Pages



How to drastically improve IIS performance for Classic ASP

Microsoft IIS Settings adjustments

There is no need to migrate your Classic ASP application to another platform (PHP, Apache, ASP.NET). In 9 out of 10 cases, it is faster and less expensive to keep your existing application by optimizing the configuration of the ASP IIS web server responsible for running it. As we have a very sharp focus on Classic ASP, this qualifies us to refactor and rewrite all or part of your ASP code base to make it much faster, and thus ensure its stability, while a complete migration to a new infrastructure would take months and require many financial resources.

We regularly optimize the IIS 7/8/10 web servers configuration on behalf of many customers, and help them deal with the performance issues they were experiencing so that they are a thing of the past. This way, our clients can peacefully retain and maintain their Classic ASP applications in a functional state, including in scalability scenarios. Contact our technical sales to express your project.



Improve speed and stability

Our IIS 7/8/10 web server configuration audit service consists of investigating your server infrastructure as well as all the used components that contribute to the exploitation of your ASP 3 based website. This process is aimed at identifying, reducing and / or eliminating the symptoms you have told us. The main goal is to bring you significant gains in speed, stability, as well as the load capacity of your application. Our service implements all human, technical, computer and documentary resources to achieve this objective.




Our IIS 7/8/10 configuration audit service


IIS websites modules auditing
IIS website HTTP compression configuration
IIS Application Pool configuration


When is an IIS configuration audit needed?

  • You are experiencing premature loss of sessions
  • Accessing your Classic ASP websites / applications is slow
  • Accessing your Classic ASP websites / applications does not support scalability when too many visits occurs
  • Your ASP website encounters too many HTTP 500 errors "Internal Server Error"
  • Your ASP website encounters frequent HTTP 503 errors "Service Unavailable"
  • You need to improve IIS Application Pools recycling
  • The security of your application does not meet your expectations


We know how to deal with the following layers of your infrastructure:

Microsoft® IIS
ASP Classic
ActiveX Components
Windows Server 2003/2008
Windows Server 2012/2016

Plesk
Veeam BR
VMWare ESXi
PHP
MySQL
MacOS

VBScript
Microsoft® JScript
Microsoft® Access
LJW LogAnalyzer®

CSS
HTML





Our IIS server audit and diagnostics methodology



  1. Windows Server properties

    Description of the concerned infrastructure:

  2. Description of problems encountered by Microsoft Internet Information Services

    Description of the encountered symptoms:


  3. IIS Application Pools examination
    IIS URL length
    Microsoft IIS Request filtering

    Audit and detailed diagnosis of IIS:

    • Review the general configuration of your Windows server,
    • Review of the general IIS Web server configuration,
    • Examination of the specific concerned website configuration,
    • Examination of the IIS Application Pool(s) running your ASP code, including parameters affecting the sessions management and duration, queue limits management, memory management, temporary files parameters, Application pool(s) recycling conditions, Handlers order, compression parameters, cache rules, URL rewriting parameters,
    • Examination of the System.WebServer configuration, including properties referring to requests limits, HTTP responses, session-related properties, concurrent connections and scripts execution timeout parameters,
    • Review of the HTTP web server registry keys and values.
  4. Review of the Windows Event Log for IIS
    Review of the Microsoft IIS logs
    Review of the HTTP.SYS logs
    Error monitoring and reporting with LJW LogAnalyzer®

    Analysis of the Windows Events, IIS & HTTP logs:

  5. IIS configuration Audit report

    Detailed analysis report:

  6. Precautions before applying changes to IIS

    Changes Scheduling

  7. List of parameters to modify to improve IIS performance

    IIS Configuration tuning

  8. Post-action Control and tracking

IIS configuration Audit report
Precautions before applying changes to IIS
Recommendations to boost IIS performance
Auditing IIS with LJW Loganalyzer®
Protect an IIS website with web.config
Tuning HTTP.SYS registry keys
Optimize IIS with WMI
    




Limits of our IIS configuration audit service


Analyze IIS in Performance Monitor



IIS performance in Task Manager
COM+ resources management in Classic ASP scripts





We tune your IIS configuration methodically

We know that going "rummage" through the arcanes of the "Configuration Editor" and the "applicationHost.config" files is a delicate operation that need to be performed with calm, method and precaution. For this reason, each of the optimizations we make is based on a specific argument coming from the report we give you following the audit of your actual configuration. We then apply changes in a structured way and in a prioritized manner.

Precautions before applying changes to IIS

We provide a rollback plan

Although our experience makes us sure of our recommendations, we know that no change is magic, and that edge cases can always occur. That's why we work with your IT teams to prioritize our recommendations and establish a secure deployment schedule so that the consequences of each change can be tracked and evaluated before continuing to apply further optimizations. In addition, to provide optional rollbacks abilities, all applied tuning and their implementation date are recorded, as well as the effects and consequences noted as output. This way, nothing is definitive or irreversible.

A preserved integration of your COM+ components

While applying optimizations to your IIS server, we ensure that every integration of your ASP Classic code with ASP / COM + components remains fully functional. We are also qualified to improve the usage your source code makes of these components, including decreasing their memory impact on your server, or their CPU time, which will result in faster ASP scripts. Contact our team to lighten the load of these COM + components on your ASP scripts.

Advanced "web.config" rules

Our many years working on Microsoft Internet Information Services gave us the knowledge of which parameters to act on in order to increase the reliability of your ASP 3 applications. We thus control the rules of your "web.config" file, the parameters of the "applicationHost.config" file, as well as their hierarchical inheritance chain. We can step in at your "web.config" files level in order to secure accesses and URL sequences, or setup efficient rewrite and redirection rules (rewrite 301) having a strong beneficial impact on your website SEO.




Windows Server configuration and installation + migration to Windows Server 2012 / 2016










We respect an absolute privacy

We know that giving us an access to your production servers is one of the most important decisions. Your critical applications must not suffer from any approximation, nor never be at risk. That is why, as part of each of our IIS server audit engagements, we redact a written document in which we explicitly commit ourselves to many points. This document is aimed at clarify our intervention perimeter with your IT department and your legal department.

  • During the audit and diagnostic phase, we will not make any changes to your system, configuration, data, or source code. As a result, no malfunction can be attributed to us during this analysis phase, and your application will continue to operate in its initial state.
  • We are committed to maintaining strict a confidentiality and an absolute security regarding all information to which we will have access, including: your source code, your infrastructure and the software you operate, the configuration of your system, your business data, access codes that you will communicate to us.
  • We respect a full transparency towards you regarding the requested service providers. We prohibit ourselves from subcontracting any portion of our services to a third party, except in the case of an explicit agreement with you, specifically mentioning the concerned parts of the work.
  • Being fully aware of the criticality of your infrastructure and data for your business, we officially commit ourselves to :
    • Only download the files we need, and do not keep any copies after, —according to your choice—, the date of delivery of our recommendations, or the closing date of our corrective action application,
    • Allow access to your server to only one member of our team, whose a copy of the ID Card will be communicated to you, and to only work in normal fatigue and lucidity conditions, by banishing the use of any psychoactive substance of any type,
    • Only store any downloaded data and access codes on a single workstation in our own office, running a "Non-Windows" operating system (Linux or MacOS), password-protected, accessible to the sole member of our team in charge of auditing your server, secured with licensed and up-to-date Antivirus software plus a bi-directional firewall regularly updated and configured in "Paranoid" mode. We guarantee you that no external access to this workstation is possible,
    • Access your data, servers and tools only from a private internet access whose characteristics and IP address will be communicated to you before the beginning of our audit mission,
    • Never access, under any circumstances, your data, servers and tools from another unsecured connection (public WIFI, HotSpot, ...) than the above-mentioned connection on the previous point,
    • Under no circumstances assign or disclose, with or without charge or compensation, all or part of the data, access codes, specific features or configurations of your system to any third party, whatever the current or future circumstances,
    • Never use, for a permanent and unlimited duration, all or part of the source code of your application for one of our current or future developments, for our own services or one of our other customers, whether in our current legal form, or any other legal form that we may adopt in the future.
  • As a result, the only benefits that we allow ourselves to draw from this work for you, are:
    • The perception of the financial emoluments agreed in our estimates/quotes,
    • An improvement of our technical knowledge, of which nothing will never allow to identify your entity.


Privacy preferencesYour privacy preferences
Your privacy is precious: we respect it.

NOTE: Your changes will be applied from the next page you will visit/load.

By using this website, you consent that we use technologies such as anonymous statistics and cookies to improve your browsing experience on our site, customise content, and analyse our traffic. This anonymous information may be shared with our trusted social media and analytics partners.

  • We do not collect any nominative data.
  • We do not store any password.
  • We use a high-end secure connection.