IIS 6.0 is a ground up rewrite of the previous incarnation of IIS, version 5.0. IIS has been redesigned to improve aspects of all the main feature areas: reliability, availability, manageability, scalability and performance.
Fault-tolerant process architectureThe IIS 6.0 fault-tolerant process architecture isolates Web sites and applications into self-contained units called application pools. Application pools provide a convenient way to administer a set of Web sites and applications and increase reliability, because errors in one application pool cannot cause another application pool, or the server itself, to fail.
Health monitoringIIS 6.0 periodically checks the status of an application pool with automatic restart on failure of the Web sites and applications within that application pool, increasing application availability. IIS 6.0 protects the server, and other applications, by automatically disabling Web sites and applications that fail too often within a short amount of time.
Automatic process recyclingIIS 6.0 automatically stops and restarts faulty Web sites and applications based on a flexible set of criteria, including CPU utilization and memory consumption, while queuing requests. IIS 6.0 also maintains the client TCP/IP connection when a worker process is being recycled, isolating Web services client applications from back-end Web application instability.
Rapid-fail protectionIf an application fails too often within a short amount of time, IIS 6.0 will automatically disable it and return a "503 Service Unavailable" error message to any new or queued requests to the application. Custom actions, for example, a debugging action or administrator notification, can also be triggered. Rapid-fail protection can protect a Web server against denial of service attacks.
XML-based configuration fileThe XML-formatted, plain text metabase in IIS 6.0 provides improved backup and restore capabilities for servers that experience critical failures. It also provides improved troubleshooting and metabase corruption recovery. Direct editing, using common text editing tools, provides greater manageability.
Edit-while-runningIIS 6.0 gives administrators the important capability to change the server configuration while the server continues running. For example, this feature can be used to add a new site, create virtual directories, or change the configuration of application pools and worker processes—all while IIS 6.0 continues to process requests—with no recompilation or restart required.
Command-line and script-based administrationIIS 6.0 administrators can use the Windows Server 2003 command-line to accomplish many common management tasks. With a single command, administrators can manage multiple local or remote computers. IIS 6.0 also features a complete scripting environment for automating common system administration tasks from the command-line without having to use a graphical user interface.
Support for WMIIIS 6.0 provides full support for Windows Management Instrumentation (WMI), giving Web administrators access to important system management data, such as performance counters and configuration files. The WMI interfaces, similar in nature to the Active Directory Service Interfaces (ADSI) that are still supported, are used in administration scripts and can also be used to modify the XML-based configuration metabase.
Server ConsolidationIIS 6.0 performance has increased dramatically over previous versions of the server, with a single server able to host many more sites and applications.
Site scalabilityIIS 6.0 has improved the way the operating system uses internal resources. For example, IIS 6.0 does not pre-allocate resources at initialization time. Many more sites can be hosted on a single server running IIS 6.0, and a larger number of worker processes can be concurrently active. Starting up and shutting down a server is faster, compared with earlier versions of IIS. All of these improvements contribute to increased site scalability with IIS 6.0.
New kernel-mode driver, HTTP.sysWindows Server 2003 introduces a new kernel-mode driver, HTTP protocol stack (HTTP.sys), for HTTP parsing and caching, providing increased scalability and performance. IIS 6.0 is built on top of HTTP.sys and is specifically tuned to increase Web server throughput.
Web gardensIIS 6.0 worker process isolation mode also enables multiple worker processes to be configured to service requests for a given application pool, a configuration known as a Web garden.
Processor affinityProcessor affinity, when set, enables IIS 6.0 worker processes to run on specific microprocessors or CPUs. Processor affinity can also be used with Web gardens that run on multiprocessor computers where clusters of CPUs have been dedicated to specific application pools.
Increased SecurityIIS 6.0 is far more secure than IIS 4x or IIS 5x, with many new features designed to increase the security of the Web infrastructure. IIS 6.0 is also "locked down" out of the box with the strongest time-outs and content limits set by default.
Locked-down serverIIS 6.0 provides significantly improved security. To reduce the attack surface of systems, IIS 6.0 is not installed by default on Windows Server 2003—administrators must explicitly select and install it. IIS 6.0 ships in a locked-down state, serving only static content. Using the Web service extension node, Web site administrators can enable or disable IIS functionality based on the individual needs of the organization.
Web service extensions listThe default installation of IIS will not compile, execute, nor serve files with dynamic extensions. In order to have them served, each acceptable file extension must be added to the Web service extensions list. This requirement prevents anyone from calling a page with a dynamic extension that has not been secured.
Default low-privilege accountAll IIS 6.0 worker processes—by default—run as Network Service user accounts, a new, built-in account type with limited operating system privileges, on Windows Server 2003. All ASP built-in functions always run as low-privileged accounts (anonymous user).