What you need to know about IIS 7

30.08.2006
Microsoft Corp.'s Internet Information Server (IIS) has been trending upward like a fine wine: It's getting better with age. IIS 4 was a disaster, and IIS 5 was essentially an open door if used on a public-facing Web server, but IIS 6 really hit the sweet spot of performance and security.

That wasn't enough to satisfy the IIS team at Microsoft, which saw the rewrite of Windows on the server as an opportunity to revisit some fundamental assumptions about the architecture and structure of IIS.

IIS 7 is the result of those efforts, and its improvements are focused around modular design, easier management and enhanced security. Let's take a look around IIS 7 in prerelease form and see what you need to know about those revisions.

Modular design

IIS 7 introduces modularity, a concept that to date has been limited to the arguably more popular Apache Web server software. Modularity offers the ability for all features within IIS to operate discretely, meaning they can be loaded in nearly any combination without dependencies. You can enable only those modules you need for server operation, keeping the remainder of the features unloaded and untouched.

This is a great win for security because fewer modules equates to a smaller attack surface through which vulnerabilities could be exploited. However, there is also a significant performance benefit, as IIS might operate more leanly than it ever has been able to before.