The IIS documentation recommends that you don't run more than 10 out-of-process applications (i.e., applications with the High setting) on a server. This number is merely a suggestion. Test your applications to determine how many applications your server can support.
If you want to tweak the settings, click Configuration on the Home Directory or Virtual Directory tab and open the Application Configuration dialog box. Unless your intranet application has performance problems, you shouldn't have to tweak these settings for performance reasons. However, because intranet applications are private and typically have fewer users than public applications, you might want to enable session state, tweak timeout values, and enable authentication.
The App Options dialog box, which you access by clicking Configuration on the Home Directory tab, controls the settings for ASP applications. The Enable session state setting can be useful for intranet applications. However, session state doesn't work well for Internet and extranet applications because it doesn't scale well. Fortunately, many intranet applications run on one server and don't need to scale up the way public applications do, so they can be good candidates for session state. If you use session state, monitor application performance to make sure it remains adequate.
If you enable session state, you might need to tweak the Session timeout setting in the App Options dialog box. Session timeout specifies the number of minutes that must pass before the session times out. If you have an application that serves only a few users and those users use the application all day long, you can probably raise this value from the default 20 minutes to 60 minutes or longer. If you have many users who are in and out of the application, you can lower the value to consume fewer resources. Be aware that developers can override your settings in their applications, but they can't turn on session state if you've disabled it.
You might also need to increase the ASP script timeout setting in the App Options dialog box; the default is 90 seconds. This change should be necessary only if your intranet application has long-running processes (such as a complex query on a large database) and the developers don't set this property higher in the code.
One other setting that you'll probably want to change for intranets is accessible through the Web site's or virtual directory's Directory Security tab. Click Edit on the Directory Security tab to open the Authentication Methods dialog box. Most (or all) users of an intranet have accounts in the corporate domain, so you can clear the Anonymous access option and enable some type of Windows authentication (e.g., Integrated Windows authentication). Allowing anonymous access when you want to force users to use Windows authentication will leave a security hole in your system.
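To check these settings across a whole site rather than one dialog box at a time, the following added example (not part of the original article) reads them through the IIS ADSI provider and flags any directory that still allows anonymous access. It assumes the intranet site is instance 1 (IIS://localhost/W3SVC/1/Root); change ROOT_PATH to match your server.

```vbscript
' Added example (not from the article): report the settings discussed above
' for every directory under one Web site, using the IIS ADSI provider.
' Assumption: the intranet site is instance 1; adjust ROOT_PATH for your server.
Option Explicit

Const ROOT_PATH = "IIS://localhost/W3SVC/1/Root"
Dim findings : findings = 0

AuditNode GetObject(ROOT_PATH), "/"
WScript.Echo findings & " finding(s)"
If findings > 0 Then WScript.Quit 1

Sub AuditNode(node, urlPath)
    ' Values are the effective ones, including those inherited from the parent.
    WScript.Echo urlPath
    WScript.Echo "  AuthAnonymous=" & node.AuthAnonymous & _
                 " AuthNTLM=" & node.AuthNTLM & " AuthBasic=" & node.AuthBasic
    WScript.Echo "  AspAllowSessionState=" & node.AspAllowSessionState & _
                 " AspSessionTimeout=" & node.AspSessionTimeout & " min" & _
                 " AspScriptTimeout=" & node.AspScriptTimeout & " s"

    ' Anonymous access left on is the hole the article warns about.
    If node.AuthAnonymous Then Flag urlPath, "anonymous access is enabled"
    ' AuthNTLM is the metabase flag behind Integrated Windows authentication.
    If Not node.AuthNTLM Then Flag urlPath, "Integrated Windows authentication is disabled"

    Dim child
    For Each child In node
        ' Skip IIsWebFile and other node types; recurse into directories only.
        If child.Class = "IIsWebVirtualDir" Or child.Class = "IIsWebDirectory" Then
            AuditNode child, urlPath & child.Name & "/"
        End If
    Next
End Sub

Sub Flag(urlPath, message)
    findings = findings + 1
    WScript.Echo "  FINDING: " & urlPath & " " & message
End Sub
```

Run the script with cscript on the IIS server under an account that can read the metabase; it exits with status 1 when any finding is reported.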
User Connections
As I mentioned at the beginning of the article, most users will access your intranet application over the LAN, but some might also require access from remote locations. To accommodate remote users, you can expose the intranet server to the public Internet, provide dial-up access, or provide VPN access.
Placing the intranet server on the Internet means that you must set up security and management like you would for any Internet server. Dial-up access keeps the intranet off the Internet but is slow and requires users to dial in to one of your modems.
A VPN arguably provides the best solution. You secure and manage the VPN, and the intranet server is just a network server to users. VPNs do have a high degree of overhead, so take performance into account before you decide to use a VPN for access.
Hosting intranet applications is much easier than hosting traditional client-server applications. However, as you've seen in this article, intranet applications are different from Internet and extranet applications; consequently, you must configure Win2K and IIS differently to host these applications. Fortunately, the nice thing about IIS is the ease with which you can move things. For example, you can place an application in a virtual directory to begin with. If that approach doesn't work, you can always create a new Web site and move the application there.
Doug October 03, 2002