Introduction
IIS is the abbreviation of Internet Information Server. It is the WEB server mainly promoted by Microsoft. The version commonly used by users now is IIS 6 included in Windows 2003 or the earlier IIS 5. IIS is fully integrated with Window NT Server, so users Able to use the built-in security features of Windows NT Server and NTFS (NT File System, NT file system) to build powerful, flexible and secure Internet and Intranet sites. IIS supports ISAPI, which can be used to extend server functions. IIS is designed to establish an integrated set of server services to support HTTP, FTP and SMTP. It can provide a fast, integrated, and scalable Internet server with existing products. .
The new IIS7 adds more security designs to Windows Server 2008, and users can now use Microsoft's. NET language to run server-side applications. In addition, creating modules through the new features of IIS7 will reduce the number of code runs in the system and minimize the possibility of being attacked by hacker scripts. From a security perspective, this is a new area that IIS is involved in. So many new features make us eager for IIS7 in Windows Server 2008. Let us take a look at the five most core enhanced features in IIS:
Fully modular IIS
If you are very familiar with the popular Apache Web server software, then you will know that its biggest advantage lies in its customization. You can configure it to only display static HTML, or you can dynamically load different modules to allow different type of service content. However, the IIS currently used cannot implement this feature very well, which has caused two problems: first, due to the impact of too many features that are not used by users on the code, the performance sometimes cannot satisfy users; second, Second, there are security risks caused by too many default interfaces.
The new IIS7 completely solves this problem. IIS7 is divided from the core layer into more than 40 modules with different functions. Features like validation, caching, static page processing, and directory listings are all modularized. This means that your web server can install the corresponding functional modules according to your operational needs. Modules that may have security risks and are not needed will no longer be loaded into memory, the program's attack surface is reduced, and performance is also enhanced.
IIS7 configured via text file
Another major feature of IIS7 is that the management tool uses the new distributed web.config configuration system. IIS7 no longer has a single metabase configuration storage, but will use the same web.config file model supported by ASP.NET, allowing users to store and deploy configurations together with the content of web applications. No matter how many sites there are, users can It can be configured directly through the web.config file, so when the company needs to connect a large number of websites, it may only take a short time, because the administrator only needs to copy the web.config file of any site that has been prepared before, and then set the settings It is transferred to the remote server together with the web application. There is no need to write management scripts to customize the configuration.
At the same time, the management tool supports "delegated administration". Users can delegate some identifiable web.config files to other employees in the enterprise. Of course, in this case, what is displayed in the management tool is The settings of the customer's own website, rather than the settings of the entire machine, so that the IIS administrator does not have to worry about every small change of the site. Version control is equally simple. Users only need to keep different versions of text files in the organization, and then use them when necessary Just restore them when needed.
Microsoft products have always prided themselves on user-friendly interfaces. However, as an IIS7 server designed for IT professionals, this does not seem to be obvious. Looking back from IIS 4 to IIS 6, the management console provided to users is not very easy to operate. Convenient, and due to technical limitations and other reasons, it is difficult for users to achieve all management work through a unified interface.
MMC Graphical Mode Management Tool
[Cut-Page]In the new IIS 7, this problem has been significantly improved. Users can now use management tools to create and manage any number of websites on Windows client machines. It is no longer limited to a single website. At the same time, compared with previous versions of IIS, the management interface of IIS7 is more friendly and powerful. In addition, the management tools of IIS7 are written in .NET and Windows Forms and can be expanded. This means that users can add their own UI modules to the management tool to provide management support for their own HTTP runtime modules and configuration settings.
IIS 7 security enhancements
Security issues are always the top priority when Microsoft is attacked. In fact, it is not that Microsoft is indifferent to security. It is because Microsoft is such a huge battleship that it is inevitable that every secret will be lost. Fortunately, Microsoft actively responds to every security opinion. with suggestions. The security issues of IIS mainly focus on the effective management and permission management of .NET programs. IIS 7 has made corresponding enhancements in response to the security problems encountered by the IIS server.
In the new version IIS and ASP.NET management settings are integrated into a single management tool. This allows users to view and set authentication and authorization rules in one place, rather than having to go through multiple different dialog boxes. This provides managers with a more consistent and clear user interface, as well as a unified management experience on the web platform.
In IIS7, .NET applications run directly through IIS code instead of being sent to the Internet Server API extension, which reduces possible risks and improves performance. At the same time, the management tool has built-in support for ASP.NET 3.0 members and The role management system provides support for the management interface. This means that users can create and manage roles and users in the management tool, as well as assign roles to users. The following is the complete component breakdown diagram of IIS 7.
IIS 7 complete component distribution diagram
Windows PowerShell management environment for IIS 7
I believe that friends who pay attention to script programming or are familiar with Exchange Server 2007 will be familiar with Windows PowerShell. Windows PowerShell is a Windows command line shell specially designed for system administrators. Included in this shell is an interactive prompt and a scripting environment that can be used independently or in combination. For IT pros who love script management, Windows PowerShell will definitely make them love it. For IIS servers, Windows PowerShell can also provide comprehensive management functions.
[Cut-Page]However, although PowerShell can also manage IIS6 running on Windows Server 2003, IIS7 is specifically managed through the PowerShell command line. It includes the new APPCMD function. APPCMD creates and configures sites through a standard command line interface. The application scenarios of such command line tools are also very common. When script management is used in the user's environment, APPCMD will come into play. Very its great advantage.
IS 7.0 is included with Windows Vista clients, and the home version of the operating system also comes with IIS 7.0 (unlike IIS 5.1, which is only available on XP Professional). The server's IIS 7.0 version will be released with Windows Server 2008 server later this year and will add a bunch of additional deployment features, including richer host support, secure FTP support, and built-in web farm deployment support.
Web farm support would be especially cool, as it would allow you to deploy your web application on a file share that contains all the coding, configuration, content, and keys needed to run a server. You can then add any number of stateless, configuration-free web servers to a web farm by simply pointing them to that file share to dynamically load their configuration settings (including bindings, virtual directories, application pool settings, etc. ) and application content. This makes scaling an application across multiple machines a piece of cake, eliminating the need for replication methods for configuration and application deployment (just copy the files to a file share, and all machines in the web farm will load the changes immediately file).
The Beta 3 release of Windows Server 2008 supports go-live licensing, so you'll be able to take advantage of this feature soon. We're already running Windows Server 2008 on an IIS 7.0 cluster, so you won't be alone!
Windows PowerShell management diagram
IIS7.0 migration
Migrating websites in IIS7.0 is more convenient than IIS6.0 because the biggest advantage of Apache Web server is its customized management. IIS7.0 now uses the Apache concept, so copy the configuration file of the site to another IIS7.0 It can be installed on the host machine. For details, please learn about "IIS7 configured through text files" and "Windows PowerShell management environment of IIS 7" above.
[Cut-Page]Integration of ASP.NET and IIS 7.0
In earlier versions of IIS, developers needed to write ISAPI extensions/filters to extend the functionality of the server. In addition to being a pain to write, ISAPI is also very limited in how it connects to the server and allows developers to customize it. For example, you cannot implement URL rewriting code in an ISAPI extension (note: ASP.NET is implemented as an ISAPI extension). If you write long-running code as an ISAPI filter, the result is that you will tie up the web server's I/O thread (this is why we don't let managed code run during the filter execution phase of the request).
One of the major architectural-level changes we made to the core IIS processing engine in IIS7 is to enable extremely rich scalability through a new modular request pipeline architecture. You can now write code anywhere in the life cycle of any HTTP request by registering an HTTP Extensibility Module with the web server. These extensibility modules can be written using native C++ code or .NET managed code (you can use the existing ASP.NET System.Web.IHttpModule interface to achieve this).
All "built-in" IIS7 functionality (authentication, authorization, static file serving, directory listing support, classic ASP, logging, etc.) are now implemented using this public modular pipeline API. This means that you can remove any of these IIS7 "built-in" features and replace/extend them with your own implementation.
[Cut-Page]ASP.NET itself on IIS 7.0 has also changed from an ISAPI implementation to a module directly connected to the IIS7 pipeline:
IIS6.0 and IIS7.0 comparison chart
This brings many benefits:
1) You can now use ASP.NET forms authentication, members/roles, and any other features for all requests to the server (e.g., .htm, .php, .jsp files).
2) You can now easily rewrite the URL of any web request or modify the request in all kinds of interesting ways.
3) You can replace or extend any existing IIS feature using VB or C# (for example, you can remove the built-in directory listing module and plug in your own module).
This really opens up endless extensibility opportunities for .NET developers.
Six new features of IIS 7.0:
1) The modular network core allows users to add and delete specific functions. If you want to use the service statistics component, only a few modules (excluding ISAPI) are needed.
2) A unified standard HTTP pipeline, which corresponds to local management applications. Users can use a forms-based authentication system for classic ASP web pages.
3) Users can create their own IHttpModule and IHttpHandlers and insert them into a unified pipeline.
4) New distributed XML setting system, which takes advantage of the ASP.NET setting system.
5) Improved diagnosis and problem-solving mechanism, including new runtime status and tracking functions.
6) New extensible, task-oriented administrator user interface.
All in all, IIS 7 will provide Web administrators and Web enthusiasts with richer and easier-to-use management tools. In the new IIS7, both management and security aspects have been completely redesigned. From the perspective of the user group, using IIS7, individual users can build their own sites faster and easier, while enterprise users can You can maintain and manage your own WEB environment more comprehensively and securely. As Windows Server 2008 is approaching, I believe there will be more and more introductions about IIS7 management. Let us wait and see whether the new version has brought us substantial changes, or is it just an enhancement of IIS server functions.
[Cut-Page]In the new IIS 7, this problem has been significantly improved. Users can now use management tools to create and manage any number of websites on Windows client machines. It is no longer limited to a single website. At the same time, compared with previous versions of IIS, the management interface of IIS7 is more friendly and powerful. In addition, the management tools of IIS7 are written in .NET and Windows Forms and can be expanded. This means that users can add their own UI modules to the management tool to provide management support for their own HTTP runtime modules and configuration settings.
IIS 7 security enhancements
Security issues are always the top priority when Microsoft is attacked. In fact, it is not that Microsoft is indifferent to security. It is because Microsoft is such a huge battleship that it is inevitable that every secret will be lost. Fortunately, Microsoft actively responds to every security opinion. with suggestions. The security issues of IIS mainly focus on the effective management and permission management of .NET programs. IIS 7 has made corresponding enhancements in response to the security problems encountered by the IIS server.
In the new version IIS and ASP.NET management settings are integrated into a single management tool. This allows users to view and set authentication and authorization rules in one place, rather than having to go through multiple different dialog boxes. This provides managers with a more consistent and clear user interface, as well as a unified management experience on the web platform.
In IIS7, .NET applications run directly through IIS code instead of being sent to the Internet Server API extension, which reduces possible risks and improves performance. At the same time, the management tool has built-in support for ASP.NET 3.0 members and The role management system provides support for the management interface. This means that users can create and manage roles and users in the management tool, as well as assign roles to users. The following is the complete component breakdown diagram of IIS 7.
IIS 7 complete component distribution diagram
Windows PowerShell management environment for IIS 7
I believe that friends who pay attention to script programming or are familiar with Exchange Server 2007 will be familiar with Windows PowerShell. Windows PowerShell is a Windows command line shell specially designed for system administrators. Included in this shell is an interactive prompt and a scripting environment that can be used independently or in combination. For IT pros who love script management, Windows PowerShell will definitely make them love it. For IIS servers, Windows PowerShell can also provide comprehensive management functions.