| Several key enhancements have been made to IIS. These enhancements are designed not only to build upon .NET, but also to increase reliability, performance, and security. Whereas IIS 5 was designed as a single process, inetinfo.exe, IIS 6 has been redesigned to use four core processes: Http.sys Http.sys is a kernel-mode HTTP listener. Every Web site on the server is registered with Http.sys so that the Web site can receive HTTP requests. Http.sys then is responsible for sending these requests to IIS user-mode processes and requests back to the client. Http.sys has other responsibilities such as managing TCP connections, caching responses, ensuring Quality of Service (QoS), and handling IIS text-based logging. Web Administration Services (WAS) This service is a user-mode configuration and process manager. It is a new component of the World Wide Web Publishing Service (W3SVC). In user-mode configuration, WAS interacts with the IIS metabase to retrieve configuration data. As a process manager, WAS is responsible for starting and managing worker processes. Application handlers/worker processes Worker processes are user-mode applications that process requests such as returning Web pages. These worker processes, controlled by WAS, then service requests for application pools in Http.sys. IIS can have many worker processes, depending on the IIS configuration. IIS Admin Service This service manages non-Web related functions such as File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Network News Transfer Protocol (NNTP), and the IIS metabase.
These three processes segment IIS from the rest of the Web services to maximize reliability of the Web services' infrastructure. Many other improvements to IIS are listed here and are categorized in three sections: Scalability Enhancements to IIS performance, including reduced resource requirements and streamlined processes, allow for faster response times and increased Web server capacity. Native support for 64-bit Web servers allows for increased memory support and processing capabilities. The 64-bit platform can handle greater workloads. Tens of thousands of sites can reside on a single box. This improvement is especially useful for Internet service providers (ISPs) and application service providers (ASPs). Remote server support has been improved for greater administration efficiency.
Security IIS 6 has a reduced default attack surface for hackers and processes to try to gain unauthorized access. Administrators can tighten security using the IIS Lockdown Wizard. This tool allows administrators to enable or disable IIS functionality. IIS defaults to a locked-down state. Only static information (.htm, .jpg, and so on) is served, and additional functionality such as Active Server Pages must be manually enabled. The IIS service account runs with only low privileges. Worker processes are specific to applications and Web sites. Organizations running multiple applications and multiple Web sites on a single Web server benefit from this separation because the worker processes are independent from one another. IIS isolates FTP users. Users can be directed, based on their usernames, to a specific directory to upload and download. Users cannot use or view other directories. Secure Sockets Layer (SSL) implementation has been dramatically improved to increase performance, manageability, and scalability. IIS has built-in support for Kerberos and related standards. IIS now has code access security, which is the complete separation of user-mode code from kernel-mode code. This minimizes security violations from user-mode processes but doesn't negatively affect performance. IIS can support trusted subsystems and other entities such as Passport.
Manageability Process recycling based on time, schedule, hits, and memory consumption can refresh the Web server without stopping service to end users. IIS 6 removes the proprietary IIS metabase found in earlier versions with an Extensible Markup Language (XML) text metabase. The XML metabase can be directly accessed and edited, even when online. Both Web site and application configurations can be quickly and easily imported and exported. Increased support for Windows Management Interface (WMI) scripting allows for greater functionality using scripts. More command-line tools are available, so IIS can be managed through the command line or scripts.
|
