Five Major Focus Areas
Security is a subject that any large enterprise must consider before deciding to adopt a particular web server. IIS 7.0 continues the security initiatives incorporated in IIS 6.0, taking them a step forward by offering a much more modular design. The new modular design splits the features and functionality offered by IIS into multiple fine-grained services that need not be installed when a specific service is not required. Figure 3 below illustrates the installation options available for adding or removing a service. IIS 7 ships with more than 40 modules or services that can be added to or removed from an installation as required.
Figure 3. IIS 7.0 Role Services: From this installation dialog, you can choose from among more than 40 different modular role services that you can add to IIS 7.0.
The main advantage of the new modular design is that it helps reduce the footprint of IIS. A reduced footprint maps directly to a reduced surface area for attacks, thus making the web server more secure.
Extensibility: IIS 7.0 has a new set of public APIs that developers can use to extend IIS. Integration with ASP.NET and managed code now lets developers write modules in managed .NET code. Further, IIS sports a unified pipeline, which means that the managed modules do not need to be mapped to the ASP.NET ISAPI to participate in request processing. This means that developers now have a choice of either writing modules using managed code or using the native API to build ISAPI modules. Because IIS is highly modular, it is also possible to replace any of the built-in modules with custom-built modules if necessary.
Configuration: IIS configuration management has been integrated with the configuration for ASP.NET. This means that IIS also uses a web.config file for storing configuration information, and that you can deploy a specific web server configuration by simply copying the correct web.config file. In IIS 7.0, the metabase has been completely replaced with the web.config file; IIS 7.0 no longer uses the metabase repository used by earlier IIS versions for storing configuration settings.
System Management: IIS 7.0 moves away from the traditional MMC snap-in used by earlier versions and provides a new, more intuitive administrative user interface (see Figure 4) that also integrates and manages ASP.NET configuration information.
Figure 4. IIS 7.0 Management UI: The figure shows the IIS Manager application replacement for the old MMC snap-in management applet.
Figure 5. ASP.NET Session State Configuration: Here's how the IIS Manager application looks when configuring ASP.NET Session State.
You can group the different configurable items based on categories (such as "Application Development" and "Health and Diagnostics") or group them based on Area (such as ASP.NET and IIS). Figure 5 shows the IIS Manager while setting ASP.NET Session configuration.
Diagnostics: IIS 7.0 includes a Failed Request Tracing feature that enables web administrators to capture information related to requests that failed. You configure failed request tracing by setting up rules that define the criteria for filtering and logging failed requests. The trace criteria can be configured to monitor only ASP.NET content, only ASP content, or all content, as required. You can use status codes to further filter the requests and log the information. IIS 7 provides a wizard-driven interface for defining the rules. Figure 6 shows the wizard interface where you configure the status codes, while Figure 7 shows the log file after a failed request as viewed in an Internet Explorer web browser.
Figure 6. Failed Request Trace Log File: Here's an example of creating a rule that logs failed requests for specific status codes.
Figure 7. Another Failed Request Trace Log File: Here's how the trace log looks in Internet Explorer, viewed after a failed request.
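The kind of rule the Failed Request Tracing wizard produces can also be written by hand in a site's web.config. The fragment below is an added example, not taken from the original article; the content filter (`*.aspx`), the status code range, and the time limit are constructed values chosen to capture authorization failures and server errors for ASP.NET content.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <tracing>
      <traceFailedRequests>
        <!-- Content filter: this rule applies to ASP.NET pages only.
             Use path="*.asp" for classic ASP or path="*" for all content. -->
        <add path="*.aspx">
          <traceAreas>
            <!-- ASP.NET pipeline events for the matched request -->
            <add provider="ASPNET"
                 areas="Infrastructure,Module,Page,AppServices"
                 verbosity="Verbose" />
            <!-- Core server events; Authentication and Security show
                 which module rejected the request and why -->
            <add provider="WWW Server"
                 areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module"
                 verbosity="Verbose" />
          </traceAreas>
          <!-- Failure definition: write a trace when the response status is
               401.3 or higher (access denied through server errors), or when
               the request runs longer than 30 seconds. -->
          <failureDefinitions statusCodes="401.3-999" timeTaken="00:00:30" />
        </add>
      </traceFailedRequests>
    </tracing>
  </system.webServer>
</configuration>
```

Rules only take effect once failed request tracing is enabled for the site, and the resulting trace files record request headers, so the log directory should be readable by administrators only.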