Using IIS 6.0 application pools as web application sandbox.
If your enterprise running lot of web applications on IIS 5 server you probably use COM+ server package as a way to isolate application domain logic from others. Sandboxing systems prevent all of your enterprise systems to shut down while one system crash for some reason.
Yes, in theory .Net application domain should do the work but in realty aspnet_wp still crash even if just single application domain logic crashes. Most of the time those crashes happened due to use of existing COM objects that still exist in the enterprise. So like the old ASP days COM+ server package is good candidate for sandboxing .Net application domain logic. Yes, I'm willing to pay performance penalty for more robust and easy to maintain web systems.
In first glance IIS 6 looks like the salvation angel. This great idea of application pools could serve as sandbox solution for applications. This solution not just save me from using COM+ it also serve better performance solution because there isn’t any cross process connection between system GUI and system domain logic. So theoretically I can use application pool for each one of my web application and each one of them will attain a dedicate w3wp process. The w3wp processes will sandbox each application from other applications on the server and I'm done. I gave up the COM+ ability to monitor package and components but on the other hand I have faster systems.
Well that the theory…. In practice there are some limitations regarding to using IIS 6 application pool as sandbox. First you can run more application domains for HTML site then for ASP application and more app domains for ASP then for ASP.NET. You can run more then 4 times application pools for static HTML sites then for ASPX applications. Application pools stand for concurrent running application pools. If every application domain running under different identity you limit to approximately 50 separate processes. Third due to .NET high start-up time cost the default idle timeout and recycling setting need to be change. .NET start-up cost could reach 15 seconds and you don’t want users to go through this experience.
So… If you running tens of web systems on your server and you still looking for robust systems