IIS 6.0
IIS 6.0 shipped with Windows Server 2003 editions and Windows XP Professional 64-bit edition, which
was built on the Windows Server 2003 Service Pack 1 code base. IIS 6.0 was identical among operating
system versions, but there were restrictions or expansions depending on the version of Server 2003
under which IIS was running. For example, Server 2003 Web Edition would only run IIS and a few ancillary
services; it could not be used to run Microsoft SQL Server. On the other end of the spectrum, only
the Enterprise and Data Center versions of Server 2003 included clustering technology.
Operating system changes also expanded the capabilities of IIS as an application server. Native XML Web
Services appeared in Server 2003. Process-independent session states made web farms easier to configure
and manage, allowing session states to be stored outside the application for redundancy and failover. Web
farms also became easier with Server 2003’s improved Network Load-Balancing features, such as the NLB
Manager, which provided a single management point for NLB functions.
Secure by Default
Windows Server 2003 and IIS 6.0 shipped in a secure state, with IIS no longer installed by default. Even
when IIS was installed, the default installation would serve only static HTML pages; all dynamic content
was locked down. Managed through Web Service Extensions, applications such as ASP and ASP.NET
had to be specifically enabled, minimizing default security holes with unknown services open to the
world.
IIS 6.0 also ran user code under a low-privilege account, Network Service, which had few privileges on
the server outside of the IIS processes and the web-site hierarchy. To reduce the damage exposure
from rogue code, access to virtual directories and other resources had to be specifically enabled by
the administrator for the Network Service account.
IIS 6.0 also allowed delegation for the authentication process; thus administrators and programmers
could further restrict account access. Passport authentication was also included with IIS 6.0, although in
real-world use, it never found widespread favor among administrators. Kerberos authentication, on the
other hand, allowed secure communication within an Active Directory domain and solved many remote
resource permission issues.
IIS 6.0 also would serve only specific file requests, by default not allowing execution of command-line
code or even the transfer of executable files. Unless the administrator assigned a specific MIME type to
be served, IIS would return a 404 error to the request, reporting the file not found. Earlier versions of IIS
included a wildcard mapping and would serve any file type.
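The static-file check described above can be modeled as a deny-by-default lookup. This is an added example, not code from the book or from IIS: a simplified model of the MIME check for static files only, in which the `.ext,mime/type` entry format, the `.*` wildcard entry, the sample map, and the list of risky extensions are assumptions made for illustration.

```python
# Added example: simplified model of the IIS 6.0 static-file MIME check.
# SAMPLE_MIMEMAP is constructed sample data in ".ext,mime/type" form.
import posixpath

SAMPLE_MIMEMAP = """\
.htm,text/html
.css,text/css
.jpg,image/jpeg
.exe,application/octet-stream
.*,application/octet-stream
"""

# Assumed review list of extensions an administrator would not want served.
RISKY_EXTENSIONS = {".exe", ".dll", ".bat", ".cmd", ".com", ".vbs"}


def parse_mimemap(text):
    """Return {extension: mime_type} from '.ext,mime/type' lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ext, sep, mime = line.partition(",")
        if not sep or not ext.startswith("."):
            raise ValueError(f"malformed MimeMap entry: {line!r}")
        entries[ext.strip().lower()] = mime.strip()
    return entries


def static_response(path, mimemap):
    """Return (status, mime_type) for a request for an existing static file."""
    ext = posixpath.splitext(path)[1].lower()
    if ext in mimemap:
        return 200, mimemap[ext]
    if ".*" in mimemap:          # wildcard mapping: any file type is served
        return 200, mimemap[".*"]
    return 404, None             # unmapped type is reported as not found


def audit(mimemap):
    """List entries that widen the default lock-down."""
    findings = []
    if ".*" in mimemap:
        findings.append("wildcard mapping '.*' serves every file type")
    for ext in sorted(mimemap.keys() & RISKY_EXTENSIONS):
        findings.append(f"executable type {ext} is mapped and will be served")
    return findings
```

Running `audit(parse_mimemap(SAMPLE_MIMEMAP))` flags both the wildcard entry and the `.exe` mapping, the two settings that undo the default behavior the text describes.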
Request Processing
IIS 6.0 changed the way IIS processed requests, eliminating what had been a major performance hurdle
in scaling prior IIS versions to serve multiple sites. IIS 6.0 used the Http.sys listener to receive requests,
and then handed them off to worker processes to be addressed. These worker processes were isolated to
application pools, and the administrator could assign application pools to specific sites and applications.
This meant that many more requests could be handled simultaneously, and it also provided for an isolated
architecture in cases of error. If a worker process failed, the effects would not be seen outside the
Chapter 1: Background on IIS and New Features in IIS 7.0