Wednesday, May 2, 2012

Moving from Apache-Win32/PHP to IIS6/FastCGI/PHP

Recently, for performance's sake, I decided to migrate an application running on an Apache/PHP server in a Windows 2003 environment to IIS6/PHP/FastCGI. I've read the instructions on the IIS.net and PHP.net sites and produced the following brief task list:

  1. Install IIS6 on the server, with the help of Windows CD
  2. Get FastCGI for IIS6 on http://www.iis.net/download/FastCGI
  3. Run FastCGI setup installation
  4. On the command line, run the following commands:
    cd \windows\system32\inetsrv
    cscript fcgiconfig.js -add -section:"PHP" -extension:php -path:"C:\PHP
    cscript fcgiconfig.js -set -section:"PHP" -InstanceMaxRequests:10000
    cscript fcgiconfig.js -set -section:"PHP" -ActivityTimeout:90
    cscript fcgiconfig.js -set -section:"PHP" -RequestTimeout:90

  5. Get PHP binaries with the same build used by the Apache instance (5.2.17 in my case) but in the "VC6 x86 Non Thread Safe" version, since FastCGI doesn't need thread protection
  6. Unzip them to a new PHP directory (C:\PHP directory in this case)
  7. Copy the "php.ini" file from the old instance to the new PHP
  8. Using Notepad (or Notepad++) change the following parameters of "php.ini":
    fastcgi.impersonate = 1
    cgi.fix_pathinfo = 1
    cgi.force_redirect = 0

  9. IIS Manager: create a new Application Pool with default settings
  10. IIS Manager: create new Website pointing to the path where your *.php files reside, and give the permissions Read and Run Scripts at the end
  11. IIS Manager: edit site properties and change the following:
    • On Home Directory tab, change the Application Pool to the one created on step 9

    • On Documents tab, change the Default Content page to index.php
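
A quick way to confirm that the php.ini copied from the old instance really carries the step 8 values, as an added example that is not part of the original post: the Python sketch below reports which of the three directives are off, falling back to PHP's built-in defaults when a line is missing or commented out. The sample file contents are constructed and the function names are made up for this illustration.

```python
import re

# Values required by step 8 of the task list above.
WANTED = {"fastcgi.impersonate": "1", "cgi.fix_pathinfo": "1", "cgi.force_redirect": "0"}
# PHP's built-in defaults, which apply when a directive is absent or commented out.
DEFAULTS = {"fastcgi.impersonate": "0", "cgi.fix_pathinfo": "1", "cgi.force_redirect": "1"}
TRUE_WORDS = {"1", "on", "yes", "true"}
FALSE_WORDS = {"0", "off", "no", "false", "none", ""}

DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*)$")

def normalise(value):
    """Map PHP's boolean spellings (On/Off, Yes/No, ...) to "1" or "0"."""
    v = value.strip().strip('"').lower()
    if v in TRUE_WORDS:
        return "1"
    if v in FALSE_WORDS:
        return "0"
    return v

def effective_settings(ini_text):
    """Return the value PHP would use for each directive in WANTED."""
    seen = {}
    for raw in ini_text.splitlines():
        # Text after ';' is treated as a comment; enough for these boolean directives.
        m = DIRECTIVE.match(raw.split(";", 1)[0])
        if m:
            seen[m.group(1).lower()] = normalise(m.group(2))  # last occurrence wins
    return {name: seen.get(name, DEFAULTS[name]) for name in WANTED}

def audit(ini_text):
    """Return {directive: (effective, wanted)} for every directive that is off."""
    eff = effective_settings(ini_text)
    return {n: (eff[n], WANTED[n]) for n in WANTED if eff[n] != WANTED[n]}

# Constructed sample: a php.ini copied from the Apache instance and only partly edited.
SAMPLE_INI = r"""
[PHP]
; cgi.force_redirect = 1
cgi.fix_pathinfo = 1
fastcgi.impersonate = 0
fastcgi.impersonate = On   ; later line overrides the earlier one
zend_extension="c:\\php\\ioncube\\ioncube_loader_win_5.2.dll"
"""

if __name__ == "__main__":
    for name, (got, want) in audit(SAMPLE_INI).items():
        print("%s is effectively %s, step 8 wants %s" % (name, got, want))
```
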


Additionally, the application needs the IonCube Loader extension installed on PHP in order to decrypt its .php files. This was easily done by downloading the binaries and unzipping them to a directory (c:\php\ioncube). After that, I needed to add the following line to "php.ini":
zend_extension="c:\\php\\ioncube\\ioncube_loader_win_5.2.dll"

After this, hopefully, you'll have a new site running PHP.

Now, the biggest challenge with this move (like most migrations in Windows environments) was with file permissions. But thanks to Mark Russinovich, there is a tool that helps you troubleshoot these issues: PROCMON

I was able to pinpoint the problems with some security permissions and eventually give permissions to the Internet Guest Account (IUSR_[hostname] user) on the *.php files directory.

For security reasons and easier troubleshooting, I've opted for creating a dedicated user for running PHP Application Pool, and giving permission to the filesystem tree below PHP home directory (where *.php files are).

There was a problem with some images not appearing in the browser and being reported in the log files as "404 - File not found". Checking in ProcMon, I found that the application was using image files without a file extension, which are then blocked by IIS since there isn't a MIME type specified for them. The problem was solved by adding a new MIME type "*" (asterisk) with value application/octet-stream (check Microsoft KB326965).

Obrigado!

Saturday, April 28, 2012

Tuning Windows Server 2003 TCP/IP Stack



Most of these tuning tips were fetched from Microsoft's "Performance Tuning Guidelines for Windows Server 2003" and from IBM's Redbook guide on "Tuning Windows 2003 Server", and I have already tested them in several scenarios. Basically, these tweaks are for the most common scenarios, but you can do further optimization if you start sniffing your network with WireShark or Microsoft's Network Monitor and analyzing the behavior of your server.

Allow larger TCP Window Size in Ethernet connections, improving performance on transmission of larger files:
reg add HKLM\System\CurrentControlSet\Services\tcpip\Parameters /v TCPWindowSize /t REG_DWORD /d 0xFAF0 /f

Allow Window Scaling negotiation and dynamic increase and decrease of TCP Window size (info):
reg add HKLM\System\CurrentControlSet\Services\tcpip\Parameters /v TCP1323Opts /t REG_DWORD /d 0x3 /f

Reduce to 30 seconds the time a socket connection stays in the "TIME_WAIT" state (info):
reg add HKLM\System\CurrentControlSet\Services\tcpip\Parameters /v TCPTimedWaitDelay /t REG_DWORD /d 0x1E /f

Increase the number of TCB (TCP Control Blocks), allowing better system performance when handling a high number of TCP connections (info):
reg add HKLM\System\CurrentControlSet\Services\tcpip\Parameters /v MaxHashTableSize /t REG_DWORD /d 0x10000 /f

Increase the number of allowed user ports (source ports), preventing port exhaustion (info):
reg add HKLM\System\CurrentControlSet\Services\tcpip\Parameters /v MaxUserPort /t REG_DWORD /d 0xFFFE /f

Increase the number of TCB partitions, for better management of TCP connections on multiprocessor machines; multiply the 0x4 value by the number of processors (info):
reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v NumTcbTablePartitions /t REG_DWORD /d 0x4

Although this tweak requires you to manually identify the GUID of the network interface, it allows you to increase the number of TCP packets received before a TCP ACK is issued, therefore reducing some overhead with TCP connections (info):
reg add HKLM\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[interface GUID] /v TcpAckFrequency /t REG_DWORD /d [Appropriate interface type value]

The values corresponding to the interface types are:
  • 0xD for Gigabit Ethernet
  • 0x5 for Fast Ethernet

To find out the GUID of the interfaces on the servers, first, query the existing interfaces with:
reg query HKLM\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

...then you must query each interface to get the "right one" (you can easily identify it by the IP assigned):
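
One way to do the matching, as an added example that is not from the original post: the Python sketch below reads the output of the same reg query run with the /s switch (which lists every subkey), maps each assigned IP address to its interface GUID, and builds the TcpAckFrequency command from the values listed above. The sample output, GUIDs and addresses are constructed, and the function names are made up for this illustration.

```python
import re

# Constructed sample of "reg query ...\Interfaces /s" output; GUIDs and IPs are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}
    EnableDHCP    REG_DWORD    0x0
    IPAddress    REG_MULTI_SZ    192.0.2.10\0\0

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
    EnableDHCP    REG_DWORD    0x1
    IPAddress    REG_MULTI_SZ    0.0.0.0\0\0
    DhcpIPAddress    REG_SZ    198.51.100.7
"""

KEY = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})$")
VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")
ACK_FREQUENCY = {"gigabit": 0xD, "fast": 0x5}  # interface type values from the post
BASE = r"HKLM\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"

def interfaces_by_ip(reg_output):
    """Return {ip: guid} for static (IPAddress) and DHCP (DhcpIPAddress) interfaces."""
    found, guid = {}, None
    for line in reg_output.splitlines():
        key = KEY.search(line.strip())
        if key:
            guid = key.group(1)  # values that follow belong to this interface
            continue
        value = VALUE.match(line)
        if value and guid and value.group(1).lower() in ("ipaddress", "dhcpipaddress"):
            # REG_MULTI_SZ entries are separated by a literal "\0" in reg.exe output.
            for ip in value.group(3).split("\\0"):
                ip = ip.strip()
                if ip and ip != "0.0.0.0":  # 0.0.0.0 is the unused static slot under DHCP
                    found[ip] = guid
    return found

def ack_command(reg_output, ip, link):
    """Build the reg add command for the interface that owns `ip`."""
    guid = interfaces_by_ip(reg_output).get(ip)
    if guid is None:
        raise LookupError("no interface carries %s" % ip)
    return "reg add %s\\%s /v TcpAckFrequency /t REG_DWORD /d 0x%X /f" % (
        BASE, guid, ACK_FREQUENCY[link])

if __name__ == "__main__":
    print(ack_command(SAMPLE, "192.0.2.10", "gigabit"))
```
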


Kwaheri (Swahili, google it...)

Installing Ubuntu 12.04 LTS on VMware Fusion 4

I've decided to give the new Ubuntu 12.04 LTS a test run on VMware Fusion 4.

Apparently everything worked like a charm and... HUD menu is beautiful!

Some notes:
  • VM specs:
    • CPU: 1 Virtual CPU
    • 1024 Mb
    • Growable 20 Gb SCSI Disk (split into 2 Gb files)
  • I've removed the USB & Bluetooth driver and Printer Serial Port since they aren't needed and slow things down;
  • I'm using VMware Fusion version 4.1.2 (latest today)
  • Managed to install VMware tools but failed to compile the vmxnet driver (didn't need anyway)
I think I'll leave it and play it for a while...

Friday, April 27, 2012

Optimize Windows XP/2003 for use in VM


In my day-to-day life, I regularly use virtual machines for system testing, development, etc. The need to have several VMs working simultaneously forces me to optimize them to the fullest extent (I'm also a tuning freak, so...).

Over the years, I've managed to gather some regular tasks for optimizing VMs through the command line (I'm from the *NIX school). They were primarily developed for use in VMware (Fusion, ESX, ESXi) but I think they may apply to any kind of virtualization:

The basics:

Disable the update of file access time since it's an unnecessary overhead:
fsutil behavior set disablelastaccess 1

Disable power management since the host will manage this for you:
powercfg /setactive "Always On"
powercfg /h off

Disable the logon screensaver, otherwise you lose CPU cycles when the machine is on the Logon Screen:
reg add "hku\.DEFAULT\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d "0" /f

Configure Windows Time not to sync with NTP, it's preferable to sync with the host:
reg add HKLM\SYSTEM\CurrentControlSet\Services\W32time\Parameters /v Type /t REG_SZ /d "NoSync" /f


If you're using recent versions of VMware whatever, run the following command to activate Time Synchronization with the host:
"C:\Program Files\VMware\VMware Tools\vmwaretoolboxcmd.exe" timesync enable

The moderate

Disable unneeded services with the following commands:

net stop [service name] (it stops the service)
sc config [service name] start= disabled (it disables the service but don't forget the space after =)

The services that I usually disable (usually for standalone machines) are:
  • ALG (Application Layer Gateway Service)
  • Alerter
  • AppMgmt (Application Management)
  • Clipbook
  • Browser (Computer Browser)
  • TrkWks (Distributed Link Tracking Client)
  • ERSvc (Error Reporting Service)
  • HelpSvc (Help and Support)
  • HidServ (Human Interface Device Access)
  • PolicyAgent (IPSEC)
  • Messenger
  • mnmsrvc (NetMeeting Remote Desktop Sharing)
  • NetDDE (Network DDE)
  • NetDDEdsdm (Network DDE DSDM)
  • WmdmPmSN (Portable Media Serial Number Service)
  • Spooler (Print Spooler)
  • RasAuto (Remote Access Auto Connection Manager)
  • RasMan (Remote Access Connection Manager)
  • RDSessMgr (Remote Desktop Help Session Manager)
  • RemoteAccess (Routing and Remote Access)
  • wscsvc (Security Center)
  • ShellHWDetection (Shell Hardware Detection)
  • SSDPSRV (SSDP Discovery Service)
  • srservice (System Restore Service)
  • TapiSrv (Telephony)
  • Telnet
  • Themes
  • W32Time (Windows Time)
  • WebClient
  • AudioSrv (Windows Audio)
  • WZCSVC (Wireless Zero Configuration)
  • SharedAccess (Windows Firewall/Internet Connection Sharing)

The Heavy ones (for the pro's)

First of all, this part is for people who know what they are doing. Otherwise, it can do more harm than good...

Give enough memory to the VM so it doesn't need to swap, and then set a fixed size for the page file (change the 512 value below to your VM's memory configuration):
reg add "hklm\System\CurrentControlSet\Control\Session Manager\Memory Management" /v PagingFiles /t REG_MULTI_SZ /d "c:\pagefile.sys 512 512" /f


Disable Paging Executive so it doesn't keep paging unused memory (we hope to avoid disk I/O which heavily penalizes VM performance):
reg add "hklm\System\CurrentControlSet\Control\Session Manager\Memory Management" /v DisablePagingExecutive /t REG_DWORD /d 0x1 /f


Summary

There are more things (TCP/IP windows stack tuning, other parameters tuning etc.) that I could add to this post, but I guess I'll save for later...

First, I need to find out how to put tables (without going through the HTML) in this blog thing!

Be right back!

Getting started

Jedi Library
I've just created this blog for writing knowledge stuff for my personal reference and for free use, if anyone is interested...

Be right back!