How To: Open Source + Windows + IIS… with Stability

As we mentioned back in March, we switched NeoSmart Technologies over from PHP‘s ISAPI extension for Windows/IIS to Microsoft’s “FastCGI for IIS” implementation instead in hopes of achieving better reliability and uptime during times of heavy load.

Whether you like Windows or not, at some point or the other, you may find yourself using IIS 6 or even 7, and then you’ll be wondering why the open source technologies you’re using aren’t as stable as ASP or MSSQL on Windows. However, ever since the release of IIS 6, Microsoft has truly remade Internet Information Services as a real contender in the server market, providing a highly secure, stable, fast, and flexible web server for the masses. IIS 7 (due to ship with Longhorn Server sometime in 2007) is currently showing all the signs of being even better, with complete modularization of all components and a highly extensible, XML-based framework.

We’re really happy to be able to finally say with all conviction that it really works! This week, NeoSmart Technologies was featured on the homepages of many link aggregation sites (including Slashdot) for our Desktop vs. Web RIAs article. And we’re glad to say that even with the extreme load, for the entire past week we’ve had 100.00% uptime with respect to network, IIS, MySQL, and everything else!

We can conclude with all certainty that PHP’s extensions and modules for Windows servers aren’t to be trusted and should be avoided at all cost for anyone looking to achieve any sort of uptime. The other changes that we did involved removing MySQL as a service and launching it as a standalone app via Microsoft’s srvany application-service bridge – it seems that a good portion of the Open Source community has a severe problem dealing with load in a Windows-only environment.

However, for those looking for a “no-nonsense” open source approach, we can confidently recommend Perl, Python, and PostgreSQL as being the way to go. Unlike PHP, Perl is highly stable with or without the ISAPI extensions, and works even better in FastCGI mode – though that’s unnecessary given the (minimal) performance hit comparing ISAPI to FastCGI (ISAPI is about 10% faster under load).

Python is similarly very reliable and highly stable extension for IIS, though we haven’t had the chance to test it under (real-user) extreme load as we have with PHP and Perl. However, in our simulated load extended-testing scenarios, both Python’s ISAPI and (Fast)CGI implementations worked great and without a flaw on IIS 6.

In running and maintaining the NeoSmart servers, we’ve come to get a good “feel” for the various companies out there catering to webmasters around cyberspace. Some, like PHP, seem to only focus on their “recommend platforms” when it comes to stability, and don’t really care about any other configuration. However, ActiveState gets 5 out of 5 stars when it comes to producing excellent implementations of open source languages, and we can only hope that PHP and others can someday achieve even 80% of what ActiveState has done with their high-reliability, high-performance packages for Windows. ActivePerl and ActivePython are the only way to go if you’re looking to deploy either scripting language in a Windows environment. And if you want to go with CGI instead of IIS, make sure to use Microsoft’s FastCGI solution as well, since the 3rd party FastCGI implementation for IIS is very buggy and not under active development.

PostgreSQL undoubtedly wins the performance challenge when it’s paired up with the likes of MySQL. PostgreSQL is a fully matured RDBMS solution that works just great out of the box on Windows and Linux alike. We’ve never had any stability or compatibility problems with it on Windows Server 2003, and we highly recommend it for anyone looking to run a minimal-maintenance web server on Windows.

The only problem with this picture is that two most popular open source scripting dependencies are the least reliable out there on Windows. Just why PHP and MySQL don’t focus on what is fast-becoming a decent-sized chunk of the user market isn’t very clear to us. However, MySQL is fairly reliable on the majority of systems we tested it on, with the only issues occurring after upgrading to another version, or when the service becomes corrupted and you’re forced to run it as a standalone application.

We wish we could say the same for PHP, which despite the most popular open source scripting language in use today remains absolutely unreliable and completely indifferent in its attitude towards users of Microsoft’s operating system and web server. Thankfully, Microsoft’s FastCGI solution addresses most of the issues present with regards to stability and reliability on Windows, however, the companies attitude as a whole isn’t what we would consider to be “user-friendly” with respect to this issue.

At the end of the day, if you want to use Microsoft Windows Server 2003 and IIS to power your website,1 and are looking to deploy open source products on Windows 2003, then you should look for or write your own platforms that use Python or Perl in combination with PostgreSQL for maximum efficiency, minimum downtime, and least headache.


  1. And you might as well, since Apache on Windows has its own host of problems to worry about and Apache + Windows (WAMP) isn’t as “successful” of a combination as IIS + Windows (WIMP) 9 times out of 10. 

14 thoughts on “How To: Open Source + Windows + IIS… with Stability

  1. Interesting article…
    I’m in the process of starting my own startup (me and everyone else!), and was shying away from PHP for this very reason.

    I think I will use Python and either MS SQL or PostgreSQL, depending on the driver-quality for both.

    What would you recommend?
    Thanks!
    Mike

  2. Odd; I have been using Apache/MySQL/PHP on Windows XP for development work for ages, and have yet to have a single problem.  Now, there may or may not be more problems on a production server, but then why not just use Linux on the web-facing host?

  3. @blooming: Apache on Windows is fairly bugfree, but not as good performing as IIS on Windows, plus, most people on Windows are looking to run IIS-only backend solutions like ASP.NET. So if you’re on Windows, to maximize usage of resources, you should use IIS.

    And if you use IIS – PHP is fucked.

    Thanks for this guide, I’ll be checking out MSoft’s FastCGI fix – thanks!

  4. [slightly OT]

     

    “Whether you like Windows or not, at some point or the other, you may find yourself using IIS”

    actually, it’s possible to always choose other solutions.  the reason, because you are always at choice (although sometimes you may not recognize that fact).

    take for example my case.  i’ve told my clients unequivocally that i will not administer IIS for them.  if they insist then that work will be subcontracted.

    i chose that.  might there be repercussions?  certainly.  what’s the worst that possble repercussion?  losing a client.  ok, i’m willing to suffer that repercussion.

    others may not be willing to suffer that repercussion.  this is still a choice.  however, people often fail to recognize this as a choice and instead perceive that they “have to” because they want the monetary reward.

    it’s way more helpful, in my experience, to clearly acknowledge the repercussions of my choices and what the needs are behind these choices.  doing so allows me to come from an empowered place rather than a dis-empowered place.

    a hypothetical example:  “i’m working on IIS even though i dislike supporting microsoft because i have 5 kids and i enjoy being able to feed them supper.  it’s my intention to shift to working on Free Software web servers because i enjoy the cooperative communities that exist around those applications.  during the evenings i’m going to work hard to become proficient with the applications i prefer so that i can make the shift to using them and still feed my kids supper.”

    what this example shows is that when you acknowledge you are at choice you are then better able to make different choices.

    compare the above example to this one:  “god, i hate working on IIS and i don’t have a choice.  microsoft rules the IT world.  i have a mortgage to pay off and i’m not very skilled with apache.  i’m completely trapped in this god-forsaken job.”

    see the difference?

    take what i offer with a grain of salt.  if you like it, keep it, otherwise ignore it.

    peace,
    david

  5. Not all David – you are right, of course. We are all human beings, and that – usually – implies we have the ability to make a choice.

    At NeoSmart Technologies we chose to use Windows and IIS, because we truly believe that IIS is a great web server.. Unlike its predecssors, IIS 6 is fast, stable, light, secure (less reported vulnerabilities than Apache), and very capable.

    But in your example, you were the man at the top. What if you’re newly hired at a company that has 100 servers already running Windows and IIS – and your predecssor left?

    You can shift everything to Linux, but that software is already bought and paid for, the configuration in place, the web servers all up and running just fine. In that case, the better thing would be to swallow that bad taste creeping into your mouth, open up Opera (or Firefox if you prefer) to this very page, and get tuning! :P

  6. Of course there are less reported vulnerabilities in IIS; do you think MS (or IIS hackers) is going to publish its bug listings to the whole world? ;)  On the other hand, Apache, an open-source project, operates out in the light of day.  I’d trust Apache, for Linux or for Windows, for security any day.  Other than that, I think you have very valid points. :)

  7. “do you think MS (or IIS hackers) is going to publish its bug listings to the whole world?”

    That’s an interesting idea there…. But i have to disagree.

    I mean, just look at how many holes were reported for IIS 5 (with Windows Server 2000) and even Windows XP…

    http://secunia.com/product/1438/ – A total of 3 vulnerabilities in 5 years almost!

    http://secunia.com/product/73/ – 33 vulnerabilities there.. But that’s not the interesting part.. what i find most intriguing is that of the 33 vulnerabilities, 9 remain unpatched!!!

  8. On Apr 15th, 2007 at 9:21 pm, Computer Guru wrote:
    > What if you?re newly hired at a company that has 100 servers
    > already running Windows and IIS – and your predecssor left?

    you can still choose to subcontract.

    > You can shift everything to Linux, but that software is already
    > bought and paid for, the configuration in place, the web servers
    > all up and running just fine.

    even after proprietary software is bought and paid for it still costs more than Free Software.  one of the more significant ways in which proprietary software costs more is in the time it takes to jump through various hoops and engaging in redundant research to make things go.  proprietary software vendors in the end are looking to insure they can make money selling their software.  whereas most cooperatively produced Free Software applications are focused first and foremost on doing the job they were designed to do–well.

    another nice thing about Free Software is that you are much less likely to find that the application that you are relying on goes away at some point.  so the time you invest in becoming proficient with Free Software is *much more* likely to retain it’s value than the equivalent time invested in a similar proprietary solution.

     

     — david 

  9. That’s hardly true: I don’t think Windows Servers and IIS and Active Directory and all that are going away anytime soon.. I’d say it’s more of a determined future than many open source “fly by night” operations.

  10. I find that both M$ and Linux have their fair share of goods and bads. I think for a truly good environment you need both to work. Maryanne ActiveDirectory is crap. Always has been always will be. Linux is nice in the way that you can always avoid breaking things where Vista has broken alot of programs costing end users lots of dollars in updates.

    As for the Linux server it blows M$ out of the water to no end. If your a programmer you can fix the bugs upload it and have it available for others. With M$ if there is a security hole, its usually there till M$ decides to release a patch. So basically I paid several dollars to a company to get a server with security holes and have to wait to get the patch. Seriously M$ is a joke on the server end.

    Now M$ on the desktop wins hands down. To update linux desktop it can take awhile making sure you have the right libraries and packages and can be a pain. It is only for advanced users for which I am guessing your not.

    As for Linux hurting Windows, google “Microsoft Linux software patent” M$ is trying hard to hold on to what they have. Mark my words. They will sue. Its their only option.

  11. I agree with most of what you say, both operating systems do indeed have their own strengths and weaknesses.

    But I’d have to agree with MaryAnne as well – I’m more comfortable in Linux than Windows, but I have yet to see anything on the *nix side that stacks favorably against Active Directory.

    If all you’re looking for is an LDAP server to authenticate against, that is one thing. But if you’re looking to authenticate thousands of users on a campus or a hospital or a base – or, for that matter, millions of people online – complete with profiles, ACL policies, and services; you really can’t beat Active Directory, especially with AD’s tight IIS integration… unless you know a program I don’t – in that case, please let me know!

    AS for the MS Patent Controversy – no need to resort to Google, NeoSmart Technologies has been on the forefront of that controversy, blogging about it right here with hits coming in from all over the web (Digg and Slashdot included): http://neosmart.net/blog/2007/microsoft-linux-patent-violati…

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>