May 5, 2003

Internet Information Server (IIS) is among the most popular Web servers in the world today. Second only to Apache in terms of sites hosted, IIS has steadily grown in popularity over the years. IIS was severely hit by viruses, Trojans, etc. in the past, and it was quickly understood that these could easily have been avoided by patching the server well in advance. System administrators who did not do this suffered.

IIS version 6 is the latest version of this Web server and will soon be available for deployment as part of Windows Server 2003. We are, therefore, starting a new short series on IIS6 that will take you through the new enhancements and, using detailed hands-on guides, show you what’s new and improved in this version. However, since Windows Server 2003 will have only just been launched by the time you read this, most of you may not have it with you as yet. Therefore, this article talks only about the architectural changes in the system and how they benefit developers and users.

Figure: Internet Information Services (IIS) Manager

IIS6 has the following new features that we will explore in this series:

  • New Process Architecture
  • Includes ASP.NET 1.1
  • New Metabase format
  • Enhanced Security

More Secure by default
One of the complaints about the previous versions of IIS was that “it’s insecure”. Windows Server 2003 ensures that IIS6 is secure by default. To do this, it does not install IIS6 at all, by default, on any Windows Server 2003 version except the Web Server Edition. This means that you will not have an edge server or Domain Controller that is unnecessarily running IIS6 without the administrator’s knowledge and is liable for security breaches. You need to specifically install the Web server from the Manage Your Server Admin tool to have it installed.

In addition, even when specifically installed, IIS6 installs in what is known as “Locked Down Mode”.

This basically means that IIS6 acts as a bare-bones Web server that can serve only static content — namely, HTML, images, etc. If you try to run your ASP or ASP.NET applications on it, they will fail. You, again, need to specifically enable a setting that allows you to do this.

Also, IIS6 is now more secure as it runs under a new built-in account named Network Service rather than the LocalSystem account used by the previous versions. This is a low-privilege account (lower than LocalSystem) that allows the Web server to function. So even if this account is compromised, the attacker would be unable to gain access to any other resource on the system.

Process Architecture
IIS6 has a completely redesigned architecture from its previous version. IIS 5 allowed application pooling and some semblance of process isolation. To understand what’s new and different in IIS6, let’s first take a look at what was there in IIS5. The figure below shows you how IIS 5 was structured.

In this, the TCP/IP stack in kernel mode receives requests and passes them on to the Web server process — INETINFO.EXE. This process is responsible for keeping the web “sites” within it running, as well as an in-memory copy of the metabase — the configuration database of

IIS5’s rudimentary process isolation feature did allow you to create applications that ran in their own “pools”. In these cases, the requests would be passed on to these pools, which were managed by another process called DLLHOST.EXE. However, a crash in any application within the main server process would bring the entire server down. And a crash in an application in any of the DLLHOST processes could also create the same problem.

In IIS6, the entire structure has been changed. IIS6 has a new kernel mode HTTP listener called HTTP.SYS that works much faster and better than the previous version. Take a look at the figure below to see how the architecture has changed.

In this new architecture, the kernel mode listener creates a local kernel queue of the requests and responses. It also keeps a small cache from which it can respond directly to a recent request, which speeds up the entire process for the user and reduces the resources used on the server.

In the new architecture, the INETINFO process only keeps a local copy of the metabase, which is now in XML format. A new Web Admin and Monitoring service (WAM) keeps a close watch on the actual applications.

The important new items in this architecture are the Worker Processes (WPs). These processes run applications within them.

A crash in any one WP will not affect any of the other WPs in any way. The WAM immediately notices if any of the WPs is not responding and shuts it down and starts up a new WP. This ensures that all web sites continue to run without any glitches. 

Included ASP.NET
ASP.NET is the new version of the popular Web scripting technology, ASP. It has many advantages over classic ASP, for instance:

  • ASP.NET is a fully compiled web application technology. This solves all script-related performance issues.
  • ASP.NET uses the .NET framework, which gives you access to numerous functionalities.
  • You can program in true VB.NET (not VBScript), C#, JScript, and many more languages.
  • Optimized and useful components/controls for ASP.NET make programming and deployment much faster and also enhance performance.

The built-in ASP.NET also uses a new version of the framework (1.1). To know more about ASP.NET, take a look at some of the previous issues, as well as current and upcoming issues, of PCQuest.

XML Metabase
The XML metabase is a complete re-write of the configuration database of IIS. Previously, this was stored as a proprietary format which was difficult to manage. In the few cases where this database became corrupted, there was no other choice than to reinstall IIS from a backup.

However, the new XML metabase makes configuring and restoring very easy. You can configure the Web server completely using Notepad without risking the configuration, as Windows Server automatically takes a backup of the metabase as soon as you change and save something. So in case you have made a mistake, you have the complete set of previously working versions that you can quickly revert to.

The XML metabase is held live in memory, which means that any change you make is immediately reflected in IIS6. For example, if you change the active port on which IIS6 listens in the XML file, IIS6 immediately starts using that port as soon as you save the file. 
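Because every saved edit takes effect immediately and earlier versions are kept, comparing two saved versions shows exactly what changed, including a pool moved off Network Service. The following is an added example, not code from the article or from Microsoft; the two XML fragments are constructed and heavily simplified, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified metabase fragments (not taken from a real server).
OLD_XML = """<configuration><MBProperty>
<IIsWebServer Location="/LM/W3SVC/1" ServerComment="Default Web Site" ServerBindings=":80:"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool" AppPoolIdentityType="2"/>
</MBProperty></configuration>"""

NEW_XML = """<configuration><MBProperty>
<IIsWebServer Location="/LM/W3SVC/1" ServerComment="Default Web Site" ServerBindings=":8080:"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool" AppPoolIdentityType="0"/>
<IIsApplicationPool Location="/LM/W3SVC/AppPools/Intranet" AppPoolIdentityType="2"/>
</MBProperty></configuration>"""

# AppPoolIdentityType values as stored in the IIS6 metabase.
IDENTITY = {"0": "LocalSystem", "1": "LocalService", "2": "NetworkService", "3": "SpecificUser"}

def load_nodes(xml_text):
    """Map each Location path to the other attributes stored on that node."""
    nodes = {}
    for elem in ET.fromstring(xml_text).iter():
        loc = elem.get("Location")
        if loc is not None:
            nodes[loc] = {k: v for k, v in elem.attrib.items() if k != "Location"}
    return nodes

def diff_metabase(old_xml, new_xml):
    """Return sorted (location, property, old, new) tuples; None marks absence."""
    old, new = load_nodes(old_xml), load_nodes(new_xml)
    changes = []
    for loc in sorted(set(old) | set(new)):
        before, after = old.get(loc, {}), new.get(loc, {})
        for prop in sorted(set(before) | set(after)):
            if before.get(prop) != after.get(prop):
                changes.append((loc, prop, before.get(prop), after.get(prop)))
    return changes

def non_default_pool_identities(xml_text):
    """Application pools whose worker processes do not run as Network Service."""
    return {loc: IDENTITY.get(attrs["AppPoolIdentityType"], "unknown")
            for loc, attrs in load_nodes(xml_text).items()
            if attrs.get("AppPoolIdentityType", "2") != "2"}

if __name__ == "__main__":
    for loc, prop, was, now in diff_metabase(OLD_XML, NEW_XML):
        print(f"{loc} {prop}: {was!r} -> {now!r}")
    print("Not running as Network Service:", non_default_pool_identities(NEW_XML))
```
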

Round up
IIS6 has many new enhancements that make it a powerful Web Server. With inclusion of better security and scalability, not to mention a RAD methodology using ASP.NET and better manageability, IIS6 is surely worth a detailed look if you use Windows Web Servers. This series will continue in the next few months with hands-on articles exploring the features of IIS6 in detail, with comparisons of the same functionality in previous versions wherever possible. 

Vinod Unny
