Debuted with Windows Vista, also to be included in Windows Server 2008 (formerly Longhorn), IIS 7 has very promising features that will provide a secure, very easy to manage web server platform for hosting Web applications and services. The easily customizable installation of IIS 7 ensures the reduction of attack surface area, footprint and patching requirements.

IIS 7 also make the websites and applications more secure by automatically isolating them to a separate Application Pool for each website, providing a sandboxed configuration and unique process identity by default (from LH Beta 3 build).

You can share the configuration across a Web farm by sharing configuration. You can also administer the server very easily and efficiently using powerful new admin tools. And, yeah, IIS 7 has a really cool new UI.

IIS 7 also has inbuilt diagnostics and troubleshooting tools like FREB - Failed Request Tracing which comes as a very handy tool for the administrators and the developers to troubleshoot on problems with the websites.

Architectural changes

IIS 7.0 has a completely new architecture which is modular. In the previous versions of IIS, it was a monolithic server featuring all the services. But, IIS 7 has a core web server engine and required modules can be plugged into the main request processing pipeline – called as unified request processing pipeline. This allows you to plug in both native and managed (ASP.NET) modules into the main request processing pipeline. A very good example for this is the ASP.NET Forms based authentication can now be used for any type of file, e.g. .HTM, .GIF, .JPG, etc. Also, the unused modules can be unplugged from the server which means we are reducing attack surface and the footprint of the server.

What’s in store for the developers?

Modular architecture is a big win for the developers and also the website administrators. Now, a developer can easily enable/change the default document for the site without admin privilege, provided admin had allowed the developers to change the default document. So, each time a developer wants to change the default document doesn’t necessarily contact the web server administrators. Administrators can also save time by securely delegating administrative responsibilities to site owners who can then set Web server configuration in web.config files.

For the developers, IIS 7 is the most extensible Web server for developing and deploying web applications. It has over 40 pluggable modules build on top of all the public extensibility APIs. The developers can easily develop new or replacement modules in native or managed code. Also, the most amazing part is they can even create new UI modules and plug them seamlessly into the new IIS 7 manager administration tool.

For more information, visit http://www.iis.net/default.aspx?tabid=7 – the official website of the Microsoft IIS 7 Team.

This is just my introduction post to IIS 7 and I will be posting many HOW TO articles on IIS 7 as I explore this new web server. Keep watching this space for more!