Technology Dossier
What is IIS7?
Internet Information Services 7.0 (IIS7) is Microsoft’s Web server available with Vista and Longhorn Server. IIS7 provides a secure, extensible, easily managed platform for developing and reliably hosting Web applications and services.
With IIS7, you can…
Take control of the Web server footprint to increase security and decrease patching.
Quickly resolve faulty applications.
Go to market faster and reduce support costs with simplified deployment and application configuration.
Rapidly leverage new technologies with IIS7’s extensible framework.
Efficiently manage: your Web server(s) with Powershell, code APIs, a powerful new UI, and command line tools.
What’s New in IIS7?
Modular Architecture:
IIS is now factored into more than 40 feature modules that can be independently installed, removed, or replaced -- dramatically reducing the potential attack surface, and lowering the footprint on the machine.
Comprehensive Extensibility:
Developers can leverage IIS7’s modular design to take advantage of its extraordinary extensibility.
Request Processing Pipeline -- IIS7’s core features are delivered as modules built using a new set of public APIs. For the first time developers can use these APIs (rather than ISAPI) to extend, replace, or add functionality with native or managed modules and handlers. These custom services become part of the core http request processing pipeline servicing all incoming requests.This allows you to use managed code to service requests intended for any Web application including static content, PHP, or classic ASP.
Extensible User Interface – The new UI is also modular and extensible. Using Winforms, create a page to configure the application and load it as a feature in the IIS7 UI. Then delegate authority to change or lock these settings. This allows seamless integration into the IIS7 feature set, eliminates the need to provide a separate configuration console for the application, and enables the settings to be managed with the new API, APPCMD, Powershell or other administration tools.
Extensible IIS7 Configuration Schema – The IIS7 Schema is easily extended with a simple XML snippet. Extending the schema works in concert with developing custom modules, handlers, or UI extensions that store configuration settings along with other IIS7 settings. This leverages the unified configuration model of IIS7 and provides a developer’s application access to manage these settings with the new administration APIs.
Extensible Security – Extend IIS7 security with .NET role and membership providers. IIS7 can easily be configured to use Forms authentication for any content (e. g. static content, classic ASP, PHP) and will use any designated .NET role and/or membership provider to store user principles and groups. This offers unprecedented flexibility to use existing infrastructure with IIS7.
Extensible Troubleshooting – IIS7 has built-in tracing capabilities that can be used to quickly diagnose problems that typically require detailed, expert research. Applications developed for IIS7 can be instrumented to report events to the IIS7 tracing system to rapidly isolate problems.
Suite of Administration Tools:
IIS7 offers a broad set of tools for administration that simplify the day-to-day tasks of managing Web sites and applications. The all new administration features in IIS7 include: new GUI admin tool, APPCMD command line utility, Micorsoft.Web.Administration managed API, Powershell, and an updated WMI provider for automating administration tasks. All of these provide unified support for managing both IIS and ASP.NET settings.
IIS7’s IIS Manager is a redesigned, more efficient UI for managing local or remote Web servers.
In addition to configuring Web sites and application pools, the new IIS Manager allows you to administer ASP.NET settings, .NET membership users and role providers, and exposes runtime diagnostic information. Control of specific IIS features can be delegated to developers or site content owners, thus reducing cost of ownership and lowering administrative overhead for the IT Professional. IIS Manager can be used to administer other IIS7 servers over HTTP (through firewalls) and it works in both dedicated and shared hosting environments.
Powerful Diagnostic Capabilities:
IIS7 enables developers and IT Professionals to easily troubleshoot errant Web sites and applications. IIS7 exposes runtime diagnostic information to administrators (for example: what requests are currently executing, how long they’ve been running, which URLs they are invoking, what client called them, and what their status is). IIS7 can also be configured to automatically log detailed trace events for requests when failures are detected (based on user configurable rules) or requests that take too long to execute. These diagnostic capabilities in IIS7 are extensible as well, so new diagnostic events can be inserted into custom modules, handlers, and ASP.net applications and custom trace providers can replace existing providers in the tracing infrastructure.
New IIS 7 Configuration Model:
IIS7 configuration has been redesigned to streamline administration and provide many new features.
Delegated Administration:. An IIS7 administrator can delegate control of specific features to a Web site operator or developer. When a features is delegated, a developer can control the feature’s configuration in Web.config. Delegated administration makes site deployment easier as site configuration settings are deployed with the Web site content. It also reduces the number of requests to server administrators to make common Web site configuration changes -- such as altering the default Web page or enabling a type of authentication.
Granular Locking: Authority over delegated settings is centralized and granular. An IIS7 administrator can delegate control of the default document service by IIS7, but in doing so can require that ‘Contosohome.aspx” (for example) will always be in the list. IIS7 configuration granularity provides a rich set of options including: LockElements, LockAllElementsExcept, LockAttributes, LockAllattributesExcept, and LockItem.
.NET Collaborative Configuration: IIS7 configuration is based on and works with the ASP.NET configuration model. The centralized store for IIS7 configuration (Applicationhost.config) is an XML file that has been redesigned from IIS6’s metabase.xml to conform to an ASP.NET style configuration file. Additionally, both ASP.NET and IIS7 optionally use Web.config to store configuration information. You can even configure .NET settings within the IIS UI and manage both ASP.NET and IIS7 configuration with the same programmatic interfaces.
These improvements have radical impacts for how applications are configured and deployed. Now that IIS Web site and application settings are no longer required to be tied to a centralized configuration, Web site and .NET configuration can simply be copied from the developer’s workstation to a test server and on to the production Web server, along with the content. Once a Web site is in production, administrators can share configuration information across multiple front-end Web servers, avoiding costly and error-prone replication of server settings and manual synchronization issues.
Improved Security
Built on the excellent track record of IIS 6, IIS 7 offers increased security through a reduced installation footprint, granular locking of features, integration with .NET role and membership providers, and URLFiltering capabilities. Additionally, security administration is easier as the IIS anonymous user is now a built-in account rather than a local account. This helps to insure file permissions for the anonymous user are consistent between servers.
IIS7 Scenarios
Scenario: Intranet with Unique Database Store for Users
For this scenario, IIS7 is configured to use .NET role or membership provider for the database. You can then add users and groups to the database in the IIS UI, authenticate users when accessing any kind of content, and control access in Web.config. Alternately, developers can take advantage of IIS7’s modular design and replace Microsoft’s provided authentication modules with a custom module designed to deliver the precise services required.
Scenario: IIS7 in a Web Hosting Environment
For this scenario, IIS7’s management options allow easy deployment and configuration of the server using the new API, APPCMD, or WMI. Custom controls can be added to the UI and features can be delegated to users, thus avoiding calls for configuration changes. Backward compatibility insures that existing control panels using ADSI will work to configure settings that were also on IIS 6. Sandboxing applications pool is facilitated by automatic inclusion of application pool identities in the IIS_WPG.
Scenario: Major Dot-com Site
As the engine that drives over 53% of the Fortune 1000’s internet facing Web sites (according to Port80 Software), IIS has proven to be reliable, secure, and scalable in the world’s most demanding data centers. Built on this successful foundation, IIS7 allows a dot-com company to build a finely tuned, deeply integrated, more manageable Web server to deploy new or existing Web applications. IIS7 delivering .NET applications allows a dot-com company to reduce time to market by increasing developer productivity while leveraging the integration of the Microsoft platform.
Scenario: ISV – Web Applications
IIS7’s extensibility creates many new opportunities for ISV’s to extend their existing Web applications; write custom IIS7 modules and handlers; integrate existing application features with the IIS7 tracing and diagnostics features; and add administration capabilities to the IIS7 UI. A handler or module loading at the global level in IIS7 can make services available to all Web sites instantly. For example, if a module is installed at the global Web server level that inserted a company’s logo onto all graphic images, all Web sites on the server would automatically be enabled. In this way, unique new solutions and services can be quickly made available for existing applications without adding code to existing Web sites. ISV’s can develop applications on Vista running IIS7. These applications will deploy to IIS7 in Longhorn Server without modification.
Scenario: ISV –IIS7 Applications
ISV’s have an opportunity to create modules and handlers for IIS7 to add additional popular capabilities to the server. As these become available for sale or distribution, IIS.NET will feature a central listing of such offerings. We expect to see a healthy marketplace for IIS7 add-ons much like the open source community has enjoyed.
Scenario: Enterprise Web Applications
Enterprises demand robust, reliable, secure, and resilient public and private facing Web applications. All of IIS7’s capabilities can be leveraged to provide a common platform delivering integrated Web services to customers and employees alike. IIS7 provides an unparalleled degree of interoperability with existing infrastructure while delivering Microsoft’s latest Web technologies such as .NET 3.0, ATLAS, and ASP.NET 2.0.
FAQ
Q: Where and when does IIS7 ship? How do I get IIS7?
A: IIS7 is a part of Microsoft's Windows Vista and Windows Server "Longhorn" release. Beta releases are made broadly available from TechNet, MSDN, and Microsoft.com from time to time. You can try IIS7 out now in your Web browser using
Q: Where can I get more information about IIS7?
A: IIS.NET is the best location for current IIS7 information. This Web site is published and maintained by the IIS team.
Q: So IIS7 now only delivers .NET applications?
A: No. IIS7 can deliver any application you can run on IIS 6. IIS 7 offers you a choice of using an “integrated” application pool that loads the .NET CLR and allows you to use managed modules and handlers as well as ISAPI filters and extensions in the request processing pipeline, or a “classic” application pool that works exactly like one found in IIS 6. Keep in mind that even though an integrated application pool can use managed code to provide customized services in the request processing pipeline, the content being served can, by that pool, be any kind of application or content.
Q: How does IIS7 work with ASP.NET? Are there any significant changes or improvements for ASP.NET Developers?
A: IIS7 takes ASP.NET to the next level by integrating the ASP.NET runtime extensibility model with the core server. This allows developers to fully extend the IIS7 server with the richness of ASP.NET 2.0 and the .NET framework -- instead of only being able to use the lower level IIS C++ APIs. Existing ASP.NET applications also immediately benefit from tighter integration by being able to use existing ASP.NET features such as Forms Authentication, Roles, and Output Caching for all types of content. For more information on how to use ASP.NET with IIS7, see the ASP.NET Integration with IIS7 article.
Q: How does IIS7 work with Windows Communication Framework? What benefits do I get by running WCF applications in IIS7?
A: IIS7 has generalized the immensely powerful HTTP process activation model that IIS 6.0 introduced with Application Pools, and has made it available for all protocols. This protocol independent service is called the "Windows Process Activation Service." The Windows Communication Framework ships with protocol adapters that can leverage the capabilities of the "Windows Process Activation Service." This can dramatically improve the reliability and resource usage of WCF services. This whitepaper walks you through a very basic WCF service that uses the "Windows Process Activation Service." For more information on how to implement a WCF application hosted on IIS7, see Writing a Service Hosted by the Windows Process Activation Service.
Q: Are there any samples or kits for building an IIS7 module?
A: You can read a step-by-step tutorial on building a managed module in Developing a Managed Module using .NET Framework and instructions for building a native (C++) module in Developing a Native (C++) Module for IIS7 Walkthrough. You may also wish to download the IIS7 Managed Module Starter Kit for Visual Studio, or the IIS7 Module Starter Kit for C++
Q: Is IIS7 configuration compatible with the metabase?
A: Yes.
What happens to my existing ADSI / WMI Scripts?
A: IIS7 includes a metabase compatibility component that allows for your existing scripts and applications to continue running. For more information, see IIS6 Metabase Compatibility. You may also wish to try out the How to use Metabase Compatibility walkthrough.
Q: How do I setup IIS7?
See the following guides for IIS7 Setup:
- Install IIS7 on Longhorn Server
- Install IIS7 on Vista
- Install IIS7 at the command-line
- Use Unattended Install with IIS7
Quick Ramp-up Guide
Quickly get ramped up on IIS7
- Watch Bill Staples deliver an IIS7 Overview:
- To see IIS7 PM’s lecturing on their expertise see:
Security; Tracing and Diagnostics; Configuration; Modular Core;
Setup and Installation; Administration
- For additional FAQ’s see
- End-to-End Extensibility walkthrough with code
- Developing an IIS Module with .NET
- How to write a native module for IIS7