[The following article is authored by one of the Windows Embedded MVPs (Most Valuable Professionals). Our MVPs have a heavy background in Embedded systems and are a great repository of information on Windows Embedded products. We’re providing this space on our team blog as a service to our readers by allowing MVPs to share some of their knowledge with the rest of the community.]
This post’s focus is on the Internet Information Server Technologies (IIS) macro component, which in fact, is more than a web server. The HTTP server is just one part of the portfolio, which includes FTP services, execution environments for dynamic web pages and web services, as well. Therefore, IIS should be regarded as an application platform for quite a number of interesting technologies.
The complete IIS macro component pulls in about 100 MB of required functionality into a Windows Embedded Standard image. IIS therefore is not a good choice when it comes down to optimizing footprint, but if one just chooses the technologies needed for the individual device the impact can be reduced to a certain extent. However, if you need a more lean approach, for example for ASP.NET hosting capabilities, Microsoft’s Cassini web server sample may be worth a look. It comes as a 217k download and the footprint impact to an OS image is negligible.
This brings us to embedded use cases. Why on earth, would one include full-blown IIS in a Windows Embedded image? HTTP/FTP/etc. servers normally are an essential part of data center infrastructure and at first glance it seems strange to leverage this technology on an embedded device. But in fact, it is not. It is better to look at these servers from a different perspective, namely as being access doors for an embedded device to a network or the Internet.
The FTP server, for example, can be leveraged to collect log files from a device, push down system updates or even complete OS image updates. The HTTP server is able to provide a web user interface, which can be essential to headless systems that do not provide other means to access them. In this scenario one is able to leverage a lot of different technologies out of the Microsoft web application portfolio. This starts with developing custom ISAPI extensions which trigger functionality based on the information included in a URL. ISAPI is the IIS API, through which developers are able to access the server’s functionality directly. The extensions provide minimal footprint, a high degree of functionality and good security. They normally are implemented as DLLs in native code.
Another lean approach for developing a web UI is the use of classic Active Server Pages. This scripting technology leverages VBScript or Jscript, and it dominated dynamic web page creation before ASP.NET arrived. It is infamous for spaghetti code, mixing presentation as well as application logic on an HTML page, but nevertheless it works fine for simple to advanced presentation tasks.
<% @LANGUAGE="VBSCRIPT" %>
<% Option Explicit %>
<BODY BGCOLOR="White" topmargin="10" leftmargin="10">
<!-- Your ASP Code goes here -->
Source = "SELECT * FROM Authors"
Connect = "Provider=sqloledb;Data Source=srv;" & _
"Initial Catalog=Pubs;Integrated Security=SSPI;"
Set Rs1 = Server.CreateObject( "ADODB.Recordset" )
Rs1.Open Source, Connect, adOpenForwardOnly
The code snippet above shows how a simple database call could look like from an ASP page.ASP is included in the IIS Web server component and requires the Windows Scripting engines, which are about 1MB of additional footprint. If one wants to create state of the art web applications on IIS, ASP.NET can be used to implement compelling user experiences leveraging the full power of a managed environment. But keep in mind that the footprint impact is significant. ASP.NET always requires the full corresponding .NET Framework version. More resources for this technology can be found at the MSDN developer center or the official ASP.NET site.
With ASP.NET the infrastructure to create not only UIs but Web Services is brought to an embedded device, as well. This is a very interesting usage scenario on connected embedded systems, which, with the help of suitable web services, turn into functionality nodes. These nodes then can be used by applications or others nodes to create agile systems and solutions.
Security and operations
Quite a while ago, IIS was infamous for the number of exploits and hacks targeted at this technology. Due its prominent role in Microsoft’s internet strategy it was, and still is, an interesting target to hackers and all sorts of malware programmers. Microsoft has addressed this very thoroughly by not doing a default install of IIS to all Windows systems as well as numerous security improvements and fixes. Nevertheless, providing a functionality gateway to the Internet always raises certain security issues. But, there is help! A lot of best practices, tools and resource kits are available on TechNet and Microsoft’s IIS site www.iis.net to address these issues. By applying best practices and protection mechanisms, is it not a problem to run embedded or other systems with IIS in a robust, reliable and secure fashion.