Microsoft Internet Information Services (IIS) 7.0 in Windows Server 2008 is a Web server that provides a secure, easy-to-manage platform for developing and reliably hosting Web applications and services. IIS 7.0 has been completely redesigned and offers major advantages over previous versions of IIS. With its new modular and extensible architecture, IIS 7.0 makes developing, deploying, and configuring and managing Web applications and infrastructure easier and more efficient than ever before. To put it simply, IIS 7.0 is the most powerful Microsoft Web server platform ever released. It provides an array of new capabilities that improve the way Web applications and services are developed, deployed, and managed. The modular design of IIS 7.0 gives administrators full control over their Web servers’ functionality, providing an extensible architecture that enables administrators and developers to build customized and specialized Web servers. New administration capabilities and the distributed XML-based configuration system make deploying and managing Web applications on IIS 7.0 more straightforward and efficient than on any other Web server. In addition, new diagnostic and troubleshooting capabilities of IIS 7.0 enable administrators and developers alike to minimize potential downtime. In this chapter, we will focus on the major new features and functionality in IIS 7.0 and their advantages over previous versions of IIS. We will also look at basic administration tasks and discuss the differences in the availability of IIS 7.0 features in Windows Server 2008 and Windows Vista. Overview of IIS 7.0 IIS 7.0 provides features and functionality that enable administrators to reliably and effectively manage Web infrastructures; developers to rapidly build Web applications and services; and hosters to provide a cost-effective, scalable, and reliable Web hosting to a broad set of customers.
For administrators, IIS 7.0 provides a secure, reliable, and easy-to-manage Web server platform. The customizable installation of IIS 7.0 ensures that they can minimize the attack surface, patching requirements, and the memory footprint of their Web infrastructure. The IIS 7.0 process model makes Web sites and applications more secure by automatically isolating them, providing sandboxed configuration and unique process identity by default. IIS 7.0 reduces management complexity, providing a set of tools that make administration of Web infrastructures more efficient. IIS Manager has a new task-based, feature-focused management console, which provides an intuitive user interface for administrative tasks. In addition to IIS Manager, there is also a new command line administration tool, a Windows Management Instrumentation (WMI) provider, and a .NET application programming interface (API). IIS 7.0 supports simplified management of Web farms where Web server configuration can be stored together with Web application code and content on a centralized file server and can be shared across front-end Web servers on a farm. IIS 7.0 enables administrators to securely delegate site and application administrative control to developers and content owners without administrative privileges on the server, thus reducing the administrative burden and cost of ownership. Using IIS Manager from Windows Vista, Windows XP, Windows Server 2003, or Windows Server 2008, developers and content owners can manage their sites and applications remotely while connected to a server over HTTPS from any location. In addition, new troubleshooting and diagnostics capabilities in IIS 7.0 enable administrators to reduce Web server downtime. For developers, IIS 7.0 provides a flexible, more extensible Web server platform for developing and deploying Web applications on Windows Server 2008 and Windows Vista. Developers can build applications on IIS 7.0 using the Web framework of their choice, including ASP.NET, classic ASP, PHP, PERL, ColdFusion, Ruby, and many others. IIS 7.0 provides unprecedented extensibility. It has a fully componentized architecture, with more than 40 pluggable modules built on top of public extensibility APIs. Developers can create new or replacement modules in native or managed code, extend IIS configuration, and build IIS Manager extensions that plug in seamlessly to the management console. IIS 7.0 has a distributed file-based configuration system that enables IIS settings to be stored in web.config files along with the ASP.NET settings. This unified configuration system simplifies development and enables applications to be xcopy-deployed, preconfigured, to IIS 7.0 servers. In addition, new diagnostic capabilities, including access to run-time information and automatically tracing failed requests, help developers to troubleshoot issues quicker and minimize Web site downtime. For hosters, IIS 7.0 provides a cost-effective, more scalable Web server platform for delivering reliable Web hosting to a broad set of customers. IIS 7.0 lowers costs by providing a new,
scalable shared hosting architecture that is capable of hosting thousands of Web sites on a single IIS 7.0 server without sacrificing isolation or reliability. IIS 7.0 enables Web hosters to reach more customers by using a new FastCGI module that is capable of providing fast and reliable hosting for PHP and other Web frameworks. In addition, IIS 7.0 provides a File Transfer Protocol (FTP) server that enables Web hosters to offer their customers a fully integrated Web/FTP platform with modern publishing capabilities, such as FTP over Secure Sockets Layer (SSL) and membership-based authentication. Whatfs New in IIS 7.0 IIS 7.0 has been completely redesigned and re-engineered from the ground up. The new features and functionality provide many new capabilities that enable administrators and developers to: ¡ Minimize patching and security risks with fine-grained control over the Web server footprint. ¡ Implement new Web solutions rapidly by using an extensibility framework. ¡ Go to market faster with simplified deployment and configuration of applications. ¡ Reduce administrative costs by managing Web infrastructures more efficiently. ¡ Reduce Web site downtime by quickly resolving faulty applications. These advancements have been made possible because of major innovations in IIS 7.0, as follows: ¡ A modular, extensible core Web server ¡ A unified, distributed file-based configuration system ¡ Integrated health monitoring and diagnostics ¡ A set of new administration tools with delegation support In addition, IIS 7.0 offers a new Windows Process Activation Service (WAS) that exposes IIS 7.0 processing model to both HTTP and non-HTTP based applications and services. Letfs look at these innovations and their advantages over previous versions of IIS in more detail. Core Web Server The IIS 7.0 core Web server has been completely redesigned and is very different from IIS 6.0. Its new, fully componentized architecture provides two fundamental enhancements that form a foundation for many advantages in security, performance, scalability, manageability, and flexibility. These two fundamental enhancements are modularity and extensibility.
Modularity In previous versions of IIS, all functionality was built by default into a monolithic server. There was no easy way to extend or replace any of that functionality. In IIS 7.0, the core Web server has a completely modular architecture. All of the Web server features are now managed as standalone components. The IIS 7.0 Web core is divided into more than 40 separate components, each of which implements a particular feature or functionality. These components are referred to as modules. You can add, remove, and replace the modules depending on your needs. In IIS 7.0, the ASP.NET run time is fully integrated with the core Web server, providing a unified request processing pipeline. Both native and managed code is processed through this single request pipeline. All notification events in the request pipeline are exposed to both native and managed modules. This integration enables existing ASP.NET features—including forms-based authentication, membership, session state, and many others—to be used for all types of content, providing a consistent experience across the entire Web application. Figure 1-1 shows the unified request processing pipeline, with several stages shown at the beginning and at the end of request processing. At the Authenticate Request stage, Figure 1-1 shows authentication modules that are available for all requests. Basic Authentication, Windows Authentication, and Anonymous Authentication are native modules. Forms Authentication is a managed module. Both native and managed authentication modules provide services for any content type, including managed code, native code, and static files.
IIS 7.0 modularity enables you to do the following:
■ Secure the server by reducing the attack surface area. Reducing an attack surface area is one of the major steps to a secure system. In IIS 7.0, Web server features that are not required can be safely removed without affecting the functionality of your applications, thus reducing the attack surface area.
■ Improve performance and reduce memory footprint. When you remove Web server features that are not required, the server’s memory usage is reduced. In addition, the amount of code that executes on every request is reduced, leading to improved performance.
■ Build custom and specialized servers. Selecting a particular set of server features and removing the ones that are not required allows you to build custom servers that are optimized for performing a specific function, such as edge caching or load balancing.
No comments:
Post a Comment